Douglas Gourlay wrote:
> The key design considerations this generates are more in the
> security space. I say this because how we choose to deal with
> this "used to be encrypted" data after termination is a concern
> that will plague the end-user of a commerce site.
Sure, and this does not have that much with SSL to do. More of a general
concern how sensitive data is processed at the site. The reasoning must
be applied to the whole chain where the data is processed, not only the
web server.
SSL acceleration gateways are part of the service setup, just as HTTP
servers, server-side applications, SQL servers and even humans
processing the entered data. Where you draw the line on how far data
must be encryped depends on the requirements of setup as a whole, not a
single component like SSL.
-- Henrik Nordstrom
This archive was generated by hypermail 2b29 : Thu Nov 18 2004 - 11:21:29 MST