I’ve got a WCF service which handles some sensitive data. I’d like to make sure I keep that data from being exposed and so I’m looking at netTCPBinding… primarily because I can control the network it runs across and performance is a high priority.
I recognize that there are two areas that can be encrypted: transport level and message level. I intend to use certificates to encrypt at the transport level, which I understand uses TLS over TCP.
The calling clients are also mine and so I control the transport level. Since I anticipate no change in the transport layer, do I need to bother with message level encryption? It seems unnecessary unless I want the flexibility of changing the transport.
The message-level encryption is needed when you do not control an intermediary. Intermediary services need to be able to modify the SOAP headers and could peek at your sensitive data for malicious purposes. But if you control everything from initial sender to ultimate receiver, then you do not need encryption at that level.
I work on a project that uses netTCP for internal services, and I can confirm it works well.
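As an added illustration (not part of the answer above or of any project's code), the two modes discussed, expressed as NetTcpBinding configurations on a service host. The contract, service type, address and certificate subject name are placeholders I assume for the example.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface ISensitiveDataService
{
    [OperationContract]
    string GetRecord(int id);
}
public class SensitiveDataService : ISensitiveDataService
{
    public string GetRecord(int id) => "record-" + id;  // placeholder body
}

public static class SecureTcpHosting
{
    // Transport mode: TLS over TCP between this host and its direct peer.
    // Both ends present X.509 certificates; bytes are protected on the wire only.
    public static NetTcpBinding TransportSecuredBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        binding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
        return binding;
    }
    // Message mode: the SOAP payload itself is signed and encrypted, so it stays
    // protected even through an intermediary that must rewrite SOAP headers.
    public static NetTcpBinding MessageSecuredBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }
    public static ServiceHost OpenHost(NetTcpBinding binding)
    {
        var host = new ServiceHost(typeof(SensitiveDataService), new Uri("net.tcp://localhost:8081/"));
        host.AddServiceEndpoint(typeof(ISensitiveDataService), binding, "Secure");
        // Service certificate from the machine store; the subject name is a placeholder.
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "svc.example.internal");
        // Require client certificates to chain to a trusted CA instead of accepting any certificate.
        host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        host.Open();
        return host;
    }
}
```

With the transport-mode binding the client must still trust the service certificate's issuing CA, which is what keeps the TLS channel from being silently terminated by an untrusted peer.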