Data in transit policy (Mostly a placeholder for now, details added for brevity)

The data in transit security policy will be applicable to the sensitive configuration data in transit between the controller software and the end user (the downloader) inside EVE.

Data in transit security is applicable to the data exchange between the controller and EVE modules. Currently, the data in transit is secured through the TLS 1.2 framework for configuration/status/information exchange between the controller and EVE. Data in transit security for application instance data traffic will be the prerogative of the application software and is out of scope for the current proposal. Additionally, sensitive object level configuration information, viz., data store access credentials, will be secured end-to-end between the controller and the downloader (inside EVE) by using the device cert/key pair. This sensitive configuration will be stored by EVE in encrypted form (cipher text) until it is ready for use by the end user, so that TLS termination and the intermediate EVE components never see it in the clear.
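An added example, not the proposal's or EVE's own code, of the end-to-end step just described: the controller seals a credential object to the device key pair, the resulting blob crosses TLS and sits on disk as ciphertext, and only the downloader opens it at the moment of use. It assumes P-256 ECDH between a controller key pair and the device key pair (the key behind the device cert), SHA-256 as the KDF and AES-256-GCM; the function names are invented for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadBetween: ECDH between the controller key pair and the device key pair (the
// key behind the device cert), then SHA-256 as KDF (an assumption, not EVE's own).
func aeadBetween(mine *ecdh.PrivateKey, theirs *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := mine.ECDH(theirs)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealForDevice (controller side) returns nonce || ciphertext+tag: all that transit and on-device storage ever see.
func sealForDevice(ctrlPriv *ecdh.PrivateKey, devicePub *ecdh.PublicKey, plaintext []byte) ([]byte, error) {
	gcm, err := aeadBetween(ctrlPriv, devicePub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openOnDevice (downloader side) runs only at the moment of use; any tampering fails the GCM tag check.
func openOnDevice(devicePriv *ecdh.PrivateKey, ctrlPub *ecdh.PublicKey, blob []byte) ([]byte, error) {
	gcm, err := aeadBetween(devicePriv, ctrlPub)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("sealed object too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}
```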

References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
  2. The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186