Markus Falb wrote: > Eric Böse-Wolf wrote: > > >> Vladimir Doisan <vdoi...@giantmarkets.com> writes: >> >> >>> If you turn TLS and file encryption - the data will be double encrypted >>> >> If I only turn on file encryption, then the data goes encrypted over the >> wire or the air, but what is not encrypted? >> >> For example what's with the connection cookie the director presents the >> [FS]D (don't know exactly)? >> > > Same Question here! In other words: If i do Data Encryption, is it safe > to avoid the double encryption by disabling TLS for File Daemon to > Storage Daemon Network Communication ? > > As I understand it, "data encryption" (as the manual uses the term) means the FD encrypts the CONTENTS of every file before it's sent to the SD. The SD then stores each file to the backup media as-is (in its encrypted form). No decryption (or encryption for that matter) is done by the SD. File metadata (filename, path, size, permissions, etc.) are not encrypted, nor are any other aspects of the communication between the FD and SD (commands, negotiation, etc.).
"TLS encryption" refers to encryption of the communication channel between the various daemons -- in this case, we're concerned with the communication channel between the SD and FD. With "TLS encryption" the FD encrypts everything it sends to the SD (file contents, metadata, commands, etc.) , but unlike "data encryption" the SD decrypts everything at the other end. If you are not also using "data encryption" your files get written to the backup media UNencrypted. So the answer to your question depends on which pieces of your backup scheme you consider to be insecure. If you're worried about someone getting hold of your backup media, you need "data encryption". If you're worried about someone eavesdropping on communications between the FD and SD, you need "TLS encryption". And obviously, if you're worried about both, you need both. - Cedric ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
