Post AO2JCu6apSFhcQZPAe by adamsdesk@mastodon.technology
 (DIR) Post #AO28a9iJrdEZBz6K2q by mike@fosstodon.org
       2022-09-28T19:58:40Z
       
       0 likes, 0 repeats
       
       Me: I'll need your PGP key.
       Them: We'll be leveraging server-side-encryption for the incoming data. The server encrypts objects before saving them to disks and decrypts them when objects are downloaded.
       Me: Sooooo, you don't have one. OK. 🙄
       
 (DIR) Post #AO2I2VLxtyGO0AEnOy by adamsdesk@mastodon.technology
       2022-09-28T21:44:40Z
       
       0 likes, 0 repeats
       
       @mike I find this very frustrating. For some reason the questions that are asked are not all answered. Even after repeatedly asking.
       
 (DIR) Post #AO2J4QNlSFRp7MYguO by mike@fosstodon.org
       2022-09-28T21:56:11Z
       
       0 likes, 0 repeats
       
       @adamsdesk These guys are just trying to find a good excuse, and they don't really know a lot about what they're talking about. They think that disk level encryption replaces PGP. They also made sure to mention later on in a part I didn't mention that they wanted us to use SSL for the file transfers. Lots of hand waving regarding security, but they sent user/password in the same email plain text. Drive encryption and SSL aren't going to fix that.
       
 (DIR) Post #AO2JCu6apSFhcQZPAe by adamsdesk@mastodon.technology
       2022-09-28T21:57:44Z
       
       0 likes, 0 repeats
       
       @mike 🤦 Why, why can't people just say they do not understand the context or how to use something. It's not hard.
       
 (DIR) Post #AO2JlMhJ1wnE8qAswi by mike@fosstodon.org
       2022-09-28T22:03:56Z
       
       0 likes, 0 repeats
       
       @adamsdesk I got nothing. People just hate admitting they don't know things.
       
 (DIR) Post #AO2JzPL60NYmOBTwki by adamsdesk@mastodon.technology
       2022-09-28T22:06:03Z
       
       0 likes, 0 repeats
       
       @mike Though I understand that, one should really be focused on having humility. No one person can know it all.
       
 (DIR) Post #AO2vJ1CJAaRfbuaO4e by birnim@fosstodon.org
       2022-09-29T05:04:39Z
       
       0 likes, 0 repeats
       
       @mike cbsg deja vu
       
 (DIR) Post #AO2vTMi22pgzDvMH0y by Kauer@fosstodon.org
       2022-09-29T05:06:23Z
       
       0 likes, 0 repeats
       
       @mike is this aws or someone using aws? Cos you can encrypt to/from S3 with a customer supplied key... or just encrypt before storing. Not sure what the use case is. Ignore if noise :-)
       
 (DIR) Post #AO3xtW54Dagqstgr3I by mike@fosstodon.org
       2022-09-29T17:07:43Z
       
       0 likes, 0 repeats
       
       @Kauer Heh, it is S3, but the customer literally sent their keys (even the secret one) to a distribution list of more than 20 people. It's stored in plain text in several different documents they've exchanged with us, and I have no idea how many people have access to it on their side of things. On our side, lots. They don't use any at rest encryption other than that.
       
 (DIR) Post #AO4J5gzHaiSXDudEem by Kauer@fosstodon.org
       2022-09-29T21:05:53Z
       
       0 likes, 0 repeats
       
       @mike don't really think the issue is lack of a PGP key then...
       
 (DIR) Post #AO4L8qCI0PnuZ2LQrg by mike@fosstodon.org
       2022-09-29T21:28:51Z
       
       0 likes, 0 repeats
       
       @Kauer No, it's really not. I just find it funny how people in large companies for some reason need to answer even the most basic questions with a paragraph of irrelevant information. I had to cut stuff out of their response because it was too long for a Mastodon toot. I mean, asking for a PGP key and I got the method and bit strength of the disk level encryption. They could have just said "We don't have one."