Subject: Re: ACCUMULO-958 - Pluggable encryption in walogs
From: Adam Fuchs
To: dev@accumulo.apache.org
Date: Wed, 30 Jan 2013 09:50:01 -0500

Josh,

Mike Allen is still working on ACCUMULO-958, and will have an updated patch in the next couple of weeks. We were hoping to get the more complete encryption strategy into 1.5, but were not able to complete it by feature freeze. However, the WAL encryption as is, when configured with the default settings, should be no harm to 1.5 -- there's no reason to pull it out or get concerned about it. We just can't advertise it as a feature of 1.5. This is one of the reasons why some of the methods are marked as deprecated.

The more complete encryption story, which should be in place for the 1.6 release, should be discussed in ACCUMULO-998.

Cheers,
Adam

On Wed, Jan 30, 2013 at 9:13 AM, Josh Elser wrote:

> All,
>
> It's been a few days and I haven't seen much chatter at all on
> ACCUMULO-958 [1] since the patch was applied. There are a couple of
> concerns I have that I definitely want to see addressed before a 1.5.0
> release.
>
> - It worries me that the provided patch is fail-open (when we can't load
> the configured encryption strategies/modules, we don't decrypt anything). I
> think for a security-minded database, we should probably be defaulting to
> fail-close; but, that brings up an issue, what happens when we can't
> encrypt a WAL? Do minor compactions fail gracefully? What does Accumulo do?
>
> - John said he had been reviewing the patch before he applied it; it
> bothers me that there was a version of this patch that had been reviewed
> privately for some amount of time when we had already pushed back the
> feature freeze date by a week waiting for features that weren't done.
>
> - The author noted himself with the deprecation of the CryptoModule
> interface that "we anticipate changing [this] in non-backwards compatible
> ways as we explore requirements for encryption in Accumulo...". This tells
> me that implementation of WAL encryption overall hasn't been properly
> thought out.
>
> Given all of this, it gives me great pause to knowingly include this patch
> into a 1.5.0 release. I see no signs that this has been truly thought out,
> there is no default provided encryption strategy for 1.5.0 with this patch
> for the WAL and there is still no support at all for RFile encryption (no
> end-to-end Accumulo encryption for a user). All of these issues considered
> make me believe that this is an incomplete feature that is not ready for an
> Apache Accumulo release.
>
> Thoughts?
>
> - Josh
>
> [1] https://issues.apache.org/jira/browse/ACCUMULO-958
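
The fail-open versus fail-closed distinction raised in the quoted message, as an added Java example that is not part of the thread or of the ACCUMULO-958 patch. The interface, the property name and the class names are hypothetical and do not reflect Accumulo's CryptoModule API.

```java
import java.util.Map;

// Hypothetical names throughout: this is not Accumulo's CryptoModule API.
public class WalCryptoLoader {
    /** Minimal stand-in for a pluggable WAL encryption module. */
    public interface WalCipher {
        byte[] decrypt(byte[] record);
    }

    /** Used only when no module is configured at all. */
    public static final class Passthrough implements WalCipher {
        public byte[] decrypt(byte[] record) { return record; }
    }

    static final String MODULE_KEY = "wal.crypto.module"; // hypothetical property name

    /** Fail-open: a module that cannot be loaded silently becomes a passthrough. */
    static WalCipher loadFailOpen(Map<String, String> conf) {
        try {
            return instantiate(conf.get(MODULE_KEY));
        } catch (ReflectiveOperationException | ClassCastException e) {
            return new Passthrough(); // records are returned undecrypted, with no error
        }
    }

    /** Fail-closed: only an absent setting means "no encryption"; a bad one is fatal. */
    static WalCipher loadFailClosed(Map<String, String> conf) {
        try {
            return instantiate(conf.get(MODULE_KEY));
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException(
                "configured WAL crypto module " + conf.get(MODULE_KEY) + " could not be loaded", e);
        }
    }

    private static WalCipher instantiate(String className) throws ReflectiveOperationException {
        if (className == null || className.isEmpty()) return new Passthrough();
        return (WalCipher) Class.forName(className).getDeclaredConstructor().newInstance();
    }

    public static void main(String[] args) {
        // Constructed configuration naming a class that is not on the classpath.
        Map<String, String> conf = Map.of(MODULE_KEY, "com.example.MissingModule");
        System.out.println("fail-open   -> " + loadFailOpen(conf).getClass().getSimpleName());
        try {
            loadFailClosed(conf);
        } catch (IllegalStateException e) {
            System.out.println("fail-closed -> " + e.getMessage());
        }
    }
}
```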