docs: clarify that client-server communication is secure

This clarifies the fact that all communication between client and server
uses TLS for secure communication.

Signed-off-by: Dylan Whyte <d.whyte@proxmox.com>

diff --git a/docs/faq.rst b/docs/faq.rst
index e00518598dfe2d35ee6e45b2f6c4cb6200f8825e..8c41b36fddc5752b2246e1950e81f4beb611b51c 100644 (file)
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -53,9 +53,12 @@ checksums. This manifest file is used to verify the integrity of each backup.
 When backing up to remote servers, do I have to trust the remote server?
 ------------------------------------------------------------------------
 
-Proxmox Backup Server supports client-side encryption, meaning your data is
-encrypted before it reaches the server. Thus, in the event that an attacker
-gains access to the server, they will not be able to read the data.
+Proxmox Backup Server transfers data via `Transport Layer Security (TLS)
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_ and additionally
+supports client-side encryption. This means that data is transferred securely
+and can be encrypted before it reaches the server.  Thus, in the event that an
+attacker gains access to the server or any point of the network, they will not
+be able to read the data.
 
 .. note:: Encryption is not enabled by default. To set up encryption, see the
   `Encryption

diff --git a/docs/introduction.rst b/docs/introduction.rst
index 20c296023b88ac1b4c324044c0e78a37e0711f4f..8df1f6912a1c2b94f7acb857a87894a52e7a5e29 100644 (file)
--- a/docs/introduction.rst
+++ b/docs/introduction.rst
@@ -14,11 +14,12 @@ It supports deduplication, compression, and authenticated
 encryption (AE_). Using :term:`Rust` as the implementation language guarantees high
 performance, low resource usage, and a safe, high-quality codebase.
 
-Proxmox Backup uses state of the art cryptography for client communication and
-backup content :ref:`encryption <encryption>`. Encryption is done on the
-client side, making it safer to back up data to targets that are not fully
-trusted.
-
+Proxmox Backup uses state of the art cryptography for both client-server
+communication and backup content :ref:`encryption <encryption>`. All
+client-server communication uses `TLS
+<https://en.wikipedia.org/wiki/Transport_Layer_Security>`_, and backup data can
+be encrypted on the client-side before sending, making it safer to back up data
+to targets that are not fully trusted.
 
 Architecture
 ------------
@@ -65,8 +66,9 @@ Main Features
    several gigabytes of data per second.
 
 :Encryption: Backups can be encrypted on the client-side, using AES-256 in
-   Galois/Counter Mode (GCM_) mode. This authenticated encryption (AE_) mode
-   provides very high performance on modern hardware.
+   Galois/Counter Mode (GCM_). This authenticated encryption (AE_) mode
+   provides very high performance on modern hardware. In addition to client-side
+   encryption, all data is transferred via a secure TLS connection.
 
 :Web interface: Manage the Proxmox Backup Server with the integrated, web-based
    user interface.