 |
 |
My answers below. On 02/13/2012 12:17 PM, Goethals, Andrea wrote: > I hope you all don't mind my starting this series off. I think this would work best if we pass the virtual baton around to a different person after each topic. We can queue up a list of topics on the wiki so people know what's coming next. > > The first topic is encryption in preservation storage. I am thinking about hardware or software or file encryption primarily imposed by the repository (but whether or not you accept content encrypted by others is also interesting). I am thinking less about encrypting for transport (e.g. https). Say what you want about it but I'll pose some questions to get you thinking about it. > > > > * Do you have any opinions on it? What are your reasons for your opinions (gut feelings are OK)? Pros: * Strong encryption eliminates worries associated with unauthorized access to preservation copies of materials (such as copyrighted data). * Encryption doubles as an authenticity check, and in fact, some encryption methods involve the creation of a digital signature that can be used for provenance or bit rot detection. Cons: * Encryption causes file size bloat to the tune of 20-30%. * For light archives, encryption imparts a performance penalty for systems that need to extract the content from the preservation archive for access purposes. * Long-term secure preservation of the decryption keys themselves is typically raised as a concern, although personally I feel that solutions to this problem are straightforward, albeit complex. > * What kinds of problems do you think it might create in the future? As mentioned, preservation of the encryption keys is typically raised as a long-term concern. Format obsolescence and the need for migration is of equal concern with encryption formats as it is with data storage formats themselves. > * Do you have any current requirements to do this (laws, policies)? What are the conditions under which you need to encrypt? Do you know of any upcoming requirements for you to do this? No. > * If you do it what technique(s)/strategies do you use? Do you isolate encrypted content from non-encrypted content? We use Tivoli Storage Manager (TSM) client-side encryption for our tape backups. We do not operate the tape backup system we use, so we want to isolate our data security from the tape backup system environment. > * Do you know of any relevant studies/papers, etc. about this topic? No. > Someone proposed that we keep each topic discussion to around 2 weeks so let's see if we've said what we want to by March 2. We can always extend this one since there was no advance notice of the topic. > > Thanks, > Andrea > > Andrea Goethals > Digital Preservation and Repository Services Manager > Harvard Library Office for Information Systems > [log in to unmask] > (617) 495-3724 > > > ############################ > > To unsubscribe from the NDSA-INFRASTRUCTURE list: > write to: mailto:[log in to unmask] > or click the following link: > http://list.digitalpreservation.gov/SCRIPTS/WA-DIGITAL.EXE?SUBED1=NDSA-INFRASTRUCTURE&A=1 ############################ To unsubscribe from the NDSA-INFRASTRUCTURE list: write to: mailto:[log in to unmask] or click the following link: http://list.digitalpreservation.gov/SCRIPTS/WA-DIGITAL.EXE?SUBED1=NDSA-INFRASTRUCTURE&A=1