Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 84788 invoked from network); 14 Jan 2008 17:23:30 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Jan 2008 17:23:30 -0000 Received: (qmail 27186 invoked by uid 500); 14 Jan 2008 17:23:19 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 27142 invoked by uid 500); 14 Jan 2008 17:23:19 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 27131 invoked by uid 99); 14 Jan 2008 17:23:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jan 2008 09:23:19 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of elecharny@gmail.com designates 72.14.220.154 as permitted sender) Received: from [72.14.220.154] (HELO fg-out-1718.google.com) (72.14.220.154) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jan 2008 17:22:53 +0000 Received: by fg-out-1718.google.com with SMTP id e12so2323239fga.3 for ; Mon, 14 Jan 2008 09:22:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=dRjXcv8ceTLgI44H6FZtJfI+Gx+Ls7Hd7egsA4W3c4Y=; b=nNT4V/FBHJEj/JOvXX3ZyDvwOfMijT/zROF/2+F4+DXA/BvNe+HWw1sfqBIjCs+BmsdfaPlb4W/B8YMMLdGO+WKAvdbrhb1bJPIUpAIaJ0tpESPJ8uPFKMhu5jvRyaLchYGsvhWjEaujFUsBcZspOUdb+4emlPBvFQXKekDLijc= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=PYGfnximRTW9VReuWxjyTY5occicfxBC+XRaExcrlVNauI5a1cT3CR6n2oufEOARCJyaXyM4OJpd5PfuUMWjwT2jEzM+UroFcXw0ycwcPAwoc9PVBQ4Pb37zjNp1/D15Q3zSwsBFrfGQMBsb4FxvCFIXFsEPEnK3zPeO5dPP1cc= Received: by 10.86.58.3 with SMTP id g3mr6471375fga.1.1200331377544; Mon, 14 Jan 2008 09:22:57 -0800 (PST) Received: from ?192.168.1.5? ( [82.245.116.110]) by mx.google.com with ESMTPS id j12sm9490548fkf.6.2008.01.14.09.22.55 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 14 Jan 2008 09:22:56 -0800 (PST) Message-ID: <478B9A43.3090907@gmail.com> Date: Mon, 14 Jan 2008 18:22:11 +0100 From: Emmanuel Lecharny User-Agent: Thunderbird 1.5.0.14pre (X11/20071023) MIME-Version: 1.0 To: Apache Directory Developers List Subject: Re: Entry serialization References: <478B92D6.1040300@gmail.com> <478B9778.7070905@levigo.de> In-Reply-To: <478B9778.7070905@levigo.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org J�rg Henne wrote: > Emmanuel Lecharny wrote: >> as I need to rewrite the serialization for ServerEntry, >> ServerAttribute, ServerValue, DN, RDN and AttributeTypeAndValue, I >> have had some ideas, and I would like to know your opinion : >> >> - what about adding a flag to tell the serialization methods (those >> classes are Externalizable) to encrypt/decrypt the data on disk ? Tis >> would be a much better solution than to define an encryption option >> to be added to all the attributes (like "cn;encrypted=fR5*za"). All >> the data will be encrypted before being serialized to disk. It would >> be off by default, of course > To make the encryption cryptographically sound, the message to be > encrypted must be sufficiently random. In a scheme where each entry is > encrypted individually, this requires an initialization vector (i.e. > some random bits) which amounts to relatively high percentage of > wasted space. A scheme where the encryption happens in larger chunks > (e.g. B-Tree nodes or pages) will typically have better "randomness" > in the first place and reduce the space wasted by the iv. > I don't know how the storage engine works at the bottom end, but I'd > guess that this would be a better place to do encryption. The idea is not to build a 100% secure system. There are better ways to do that (for instance, relying on an encrypted file system on linux, etc). The thing is that with an encryption on entries, during the serialization, we will be able to keep an encrypted version of an entry on disk AND in memory, as we store the read entry in a cache. Let's say it's a step in the right direction for people who want some better security when it comes to store personal data, which is likely with a LDAP server. -- -- cordialement, regards, Emmanuel L�charny www.iktek.com directory.apache.org