hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhe Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-6987) Move CipherSuite xattr information up to the encryption zone root
Date Wed, 17 Sep 2014 18:15:34 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14137679#comment-14137679
] 

Zhe Zhang commented on HDFS-6987:
---------------------------------

When we move these to the EZ root, what happens when the file is snapshotted without the EZ
root?

* _t0_: /ez/dir/ is created and made an EZ, initialized with a {{keyName}} and a {{cipherSuite}};
/ez/dir/foo also created
* _t1_: /ez/dir snapshotted 
* _t2_: Encryption info (e.g., {{cipherSuite}}) updated on /ez/
* _t3_: Client reads snapshot of /ez/dir/foo created at _t1_ . Because /ez/ was never snapshotted
we have to use the current encryption info updated at _t2_, which seems problematic

Thoughts?

> Move CipherSuite xattr information up to the encryption zone root
> -----------------------------------------------------------------
>
>                 Key: HDFS-6987
>                 URL: https://issues.apache.org/jira/browse/HDFS-6987
>             Project: Hadoop HDFS
>          Issue Type: Sub-task
>          Components: encryption
>    Affects Versions: 2.6.0
>            Reporter: Andrew Wang
>            Assignee: Zhe Zhang
>
> All files within a single EZ need to be encrypted with the same CipherSuite. Because
of this, I think we can store the CipherSuite once in the EZ rather than on each file.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message