hadoop-hdfs-issues mailing list archives

From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-9644) Update encryption documentation to reflect nested EZs
Date Thu, 11 Feb 2016 20:05:18 GMT

    [ https://issues.apache.org/jira/browse/HDFS-9644?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15143406#comment-15143406 ]

Andrew Wang commented on HDFS-9644:

Overall looks good, thanks for fixing the anchors. Few comments:

* Rather than "lowest ancestor" I would say "closest ancestor" since trees can be drawn splaying
* Recommend introducing the section with the rename restriction before explaining why, e.g.
"HDFS restricts renames into and out of an encryption zone. This includes renames of unencrypted
contents into...<give some examples>".
* "All file EDEKs under an encryption zone are generated with its encryption zone key." change
"generated" to "encrypted", "its" to "the"
* The reason for the rename restriction is for security / ease of management. Imagine a situation
where an EZ key is compromised. We want a way of identifying all potentially vulnerable files,
and re-encrypting them. This is easy if all files must remain within the EZ. It's hard if
they can be scattered anywhere around the filesystem. We also store the EZ key version in
the xattr, so there's no memory overhead savings.
* "encryption zone status" is a new phrase and not used again, so I don't think we need to
introduce it.

> Update encryption documentation to reflect nested EZs
> -----------------------------------------------------
>                 Key: HDFS-9644
>                 URL: https://issues.apache.org/jira/browse/HDFS-9644
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: documentation, encryption
>    Affects Versions: 2.7.1
>            Reporter: Zhe Zhang
>            Assignee: Zhe Zhang
>         Attachments: HDFS-9644.00.patch

This message was sent by Atlassian JIRA
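
The comment above argues that keeping files inside their encryption zone makes it easy to find everything exposed by a compromised EZ key. The sketch below is an added example, not part of the original message or of Hadoop's code; the zone paths, key names and file list are constructed, and it assumes each file is protected by the key of its closest ancestor zone.

```python
import posixpath

# Constructed sample data: zone root -> EZ key name, in the shape reported by
# `hdfs crypto -listZones`. /data/finance is a zone nested inside /data.
ZONES = {
    "/data": "key_a",
    "/data/finance": "key_b",
    "/logs": "key_a",
}

# Constructed file listing (for instance from a recursive directory listing).
FILES = [
    "/data/raw/events.csv",
    "/data/finance/q1.parquet",
    "/data2/export.csv",        # shares a string prefix with /data but is outside it
    "/logs/app/2016-02-11.log",
    "/tmp/scratch.txt",         # not in any zone
]


def closest_zone(path, zones):
    """Return the closest ancestor encryption zone root of path, or None."""
    current = posixpath.normpath(path)
    while True:
        if current in zones:
            return current
        parent = posixpath.dirname(current)
        if parent == current:   # reached "/" (or "" for a relative path)
            return None
        current = parent


def files_exposed_by_key(files, zones, key_name):
    """List files whose closest ancestor zone uses the given EZ key.

    Walking path components, rather than comparing string prefixes, keeps
    /data2 out of /data and lets a nested zone override its parent.
    """
    return sorted(f for f in files if zones.get(closest_zone(f, zones)) == key_name)


if __name__ == "__main__":
    for key in ("key_a", "key_b"):
        print(key, "->", files_exposed_by_key(FILES, ZONES, key))
```

Because renames into and out of a zone are restricted, the zone list alone is enough to scope the re-encryption work for a given key.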