From: Dylan Whyte <d.whyte@proxmox.com>
To: pbs-devel@lists.proxmox.com
Subject: [pbs-devel] [PATCH proxmox-backup] docs: clarify that client-server communication is secure
Date: Tue, 19 Jan 2021 15:17:21 +0100 [thread overview]
Message-ID: <20210119141721.23789-1-d.whyte@proxmox.com> (raw)
This clarifies the fact that all communication between client and server
uses TLS for secure communication.
Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>
---
docs/faq.rst | 9 ++++++---
docs/introduction.rst | 16 +++++++++-------
2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/docs/faq.rst b/docs/faq.rst
index e0051859..8c41b36f 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -53,9 +53,12 @@ checksums. This manifest file is used to verify the integrity of each backup.
When backing up to remote servers, do I have to trust the remote server?
------------------------------------------------------------------------
-Proxmox Backup Server supports client-side encryption, meaning your data is
-encrypted before it reaches the server. Thus, in the event that an attacker
-gains access to the server, they will not be able to read the data.
+Proxmox Backup Server transfers data via `Transport Layer Security (TLS)
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_ and additionally
+supports client-side encryption. This means that data is transferred securely
+and can be encrypted before it reaches the server. Thus, in the event that an
+attacker gains access to the server or any point of the network, they will not
+be able to read the data.
.. note:: Encryption is not enabled by default. To set up encryption, see the
`Encryption
diff --git a/docs/introduction.rst b/docs/introduction.rst
index 20c29602..8df1f691 100644
--- a/docs/introduction.rst
+++ b/docs/introduction.rst
@@ -14,11 +14,12 @@ It supports deduplication, compression, and authenticated
encryption (AE_). Using :term:`Rust` as the implementation language guarantees high
performance, low resource usage, and a safe, high-quality codebase.
-Proxmox Backup uses state of the art cryptography for client communication and
-backup content :ref:`encryption <encryption>`. Encryption is done on the
-client side, making it safer to back up data to targets that are not fully
-trusted.
-
+Proxmox Backup uses state of the art cryptography for both client-server
+communication and backup content :ref:`encryption <encryption>`. All
+client-server communication uses `TLS
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_, and backup data can
+be encrypted on the client-side before sending, making it safer to back up data
+to targets that are not fully trusted.
Architecture
------------
@@ -65,8 +66,9 @@ Main Features
several gigabytes of data per second.
:Encryption: Backups can be encrypted on the client-side, using AES-256 in
- Galois/Counter Mode (GCM_) mode. This authenticated encryption (AE_) mode
- provides very high performance on modern hardware.
+ Galois/Counter Mode (GCM_). This authenticated encryption (AE_) mode
+ provides very high performance on modern hardware. In addition to client-side
+ encryption, all data is transferred via a secure TLS connection.
:Web interface: Manage the Proxmox Backup Server with the integrated, web-based
user interface.
--
2.20.1
next reply other threads:[~2021-01-19 14:18 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-19 14:17 Dylan Whyte [this message]
2021-01-22 15:23 ` Dietmar Maurer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210119141721.23789-1-d.whyte@proxmox.com \
--to=d.whyte@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox