accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Elser <josh.el...@gmail.com>
Subject Re: [DISCUSS] What to do about encryption at rest?
Date Tue, 03 Nov 2015 16:10:09 GMT
Josef Roehrl - PHEMI wrote:
> Thanks for exposing the issues on this.  I had equated 'stale' with
> incomplete, but I was missing the point entirely.  In this case, 'stale'
> equates to complete, working and stable (but not changing).

(pedantically) minus the intermediate-WAL recovery files not being encrypted

> On Sat, Oct 31, 2015 at 4:22 PM, Josef Roehrl - PHEMI<jroehrl@phemi.com>
> wrote:
>
>> For this reason, we were just thinking of waiting for Encryption at Rest
>> with HDFS.  Presumably, Accumulo could optimize encryption if it
>> implemented encryption itself with a few trade-offs.
>>
>> On Fri, Oct 30, 2015 at 10:22 PM, William Slacum<wslacum@gmail.com>
>> wrote:
>>
>>> So I've been looking into options for providing encryption at rest, and it
>>> seems like what Accumulo has is abandonware from a project perspective.
>>> There is no official documentation on how to perform encryption at rest,
>>> and the best information from its status comes from year (or greater) old
>>> ticket comments about how the feature is still experimental. Recently
>>> there
>>> was a talk that described using HDFS encryption zones as an alternative.
>>>
>>>  From my perspective, this is what I see as the current situation:
>>>
>>> 1- Encryption at rest in Accumulo isn't actively being worked on
>>> 2- Encryption at rest in Accumulo isn't part of the public API or marketed
>>> capabilities
>>> 3- Documentation for what does exist is scattered throughout Jira comments
>>> or presentations
>>> 4- A viable alternative exists that appears to have feature parity in HDFS
>>> encryption
>>> 5- HBase has finer grained encryption capabilities that extend beyond what
>>> HDFS provides
>>>
>>> Moving forward, what's the consensus for supporting this feature?
>>> Personally, I see two options:
>>>
>>> 1- Start going down a path to bring the feature into the forefront and
>>> start providing feature parity with HBase
>>>
>>> or
>>>
>>> 2- Remove the feature and place emphasis on upstream encryption offerings
>>>
>>> Any input is welcomed&  appreciated!
>>>
>>
>>
>> --
>>
>>
>> Josef Roehrl
>> Senior Software Developer
>> *PHEMI Systems*
>> 180-887 Great Northern Way
>> Vancouver, BC V5T 4T5
>> 604-336-1119
>> Website<http://www.phemi.com/>  Twitter<https://twitter.com/PHEMISystems>
>>   Linkedin
>> <http://www.linkedin.com/company/3561810?trk=tyah&amp;trkInfo=tarId%3A1403279580554%2Ctas%3Aphemi%20hea%2Cidx%3A1-1-1>
>>
>>
>>
>
>

Mime
View raw message