Comments
Well, retail SSL is more secure, that's right. But I wanted to know what others think about this. That's all.
You've missed about 49 pages of the questionnaire :-)
Ok, I'm eager enough to learn that I've downloaded and looked through PCI DSS SAQ C v3.1.
There's a whole lot of irrelevant stuff like "are hardcopy materials cross-cut shredded?" ...
Maybe I've missed something, but to me it seems the key requirement is 4.1(a) "Are strong cryptography and security protocols, such as TLS, SSH or IPSEC, used to safeguard sensitive cardholder data during transmission over open, public networks?"
I think an argument can be made that CF's internal decrypt/encrypt tunnels are not "open, public networks", and that strong cryptography and security protocols are actually being used whenever sensitive cardholder data is being transmitted over "open, public networks".
There's nothing in the questionnaire that directly addresses end-to-end (which is admittedly desirable, but not possible with CF, and also not needed for the questionnaire to my understanding). Maybe the next time cardholder data is stolen via CF, they will issue a clarification that addresses end-to-end ...
CloudFlare's a level 1 PCI compliant and validated service provider. Even better, their WAF satisfies requirement 6.6 for you.