[ale] best practices for key management w/encrypted backups
- Subject: [ale] best practices for key management w/encrypted backups
- From: jakes.dad at gmail.com (Sid Lane)
- Date: Wed, 13 May 2009 09:33:59 -0400
hey,

I have been tasked w/reviewing/testing/etc our processes for managing
encrypted backups & it got me to thinking "what's the right # of keys to
deploy (global master pair? one per client? one per application?)? how
often should they be rotated? where/how should they be stored?", etc.

my 1st inclination is to write a script to generate a metric 5h1+-ton of key
pairs, burn them onto a bunch of CDs and distribute them to clients for
one-time use but is that thermonuclear overkill? obviously nobody wants to
end up on /. but on the other hand ending up w/a backup you can't
decrypt/restore is arguably worse (far IMO).

what are the accepted best practices for key management (generation,
rotation, storage, recall, etc) for backups? any good white papers, books,
blogs, etc?

any info appreciated!