accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Fuchs <scubafu...@gmail.com>
Subject Re: ACCUMULO-958 - Pluggable encryption in walogs
Date Wed, 30 Jan 2013 14:50:01 GMT
Josh,

Mike Allen is still working on ACCUMULO-958, and will have an updated patch
in the next couple of weeks. We were hoping to get the more complete
encryption strategy into 1.5, but were not able to complete it by feature
freeze. However, the WAL encryption as is, when configured with the default
settings, should be no harm to 1.5 -- there's no reason to pull it out or
get concerned about it. We just can't advertise it as a feature of 1.5.
This is one of the reasons why some of the methods are marked as deprecated.

The more complete encryption story, which should be in place for the 1.6
release, should be discussed in ACCUMULO-998.

Cheers,
Adam



On Wed, Jan 30, 2013 at 9:13 AM, Josh Elser <josh.elser@gmail.com> wrote:

> All,
>
> It's been a few days and I haven't seen much chatter at all on
> ACCUMULO-958 [1] since the patch was applied. There are a couple of
> concerns I have that I definitely want to see addressed before a 1.5.0
> release.
>
> - It worries me that the provided patch is fail-open (when we can't load
> the configured encryption strategies/modules, we don't decrypt anything. I
> think for a security-minded database, we should probably be defaulting to
> fail-close; but, that brings up an issue, what happens when we can't
> encrypt a WAL? Do minor compactions fail gracefully? What does Accumulo do?
>
> - John said he had been reviewing the patch before he applied it; it
> bothers me that there was a version of this patch that had been reviewed
> privately for some amount of time when we had already pushed back the
> feature freeze date by a week waiting for features that weren't done.
>
> - The author noted himself with the deprecation of the CryptoModule
> interface that "we anticipate changing [this] in non-backwards compatible
> ways as we explore requirements for encryption in Accumulo...". This tells
> me that implementation of WAL encryption overall hasn't been properly
> thought out.
>
> Given all of this, it gives me great pause to knowingly include this patch
> into a 1.5.0 release. I see no signs that this has been truly thought out,
> there is no default provided encryption strategy for 1.5.0 with this patch
> for the WAL and there is still no support at all for RFile encryption (no
> end-to-end Accumulo encryption for a user). All of these issues considered
> make me believe that this is an incomplete feature that is not ready for an
> Apache Accumulo release.
>
> Thoughts?
>
> - Josh
>
> [1] https://issues.apache.org/**jira/browse/ACCUMULO-958<https://issues.apache.org/jira/browse/ACCUMULO-958>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message