hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-10899) Add functionality to re-encrypt EDEKs
Date Tue, 22 Aug 2017 23:10:00 GMT

    [ https://issues.apache.org/jira/browse/HDFS-10899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16137468#comment-16137468
] 

Wei-Chiu Chuang edited comment on HDFS-10899 at 8/22/17 11:09 PM:
------------------------------------------------------------------

Thanks for the rev015 patch!

Looks like all the concerns found in the reviews are addressed.

Given that 
# this feature does not affect existing functionality if not used,
# there is sufficient proof that it works in an integrated scale test,
# and all deficiencies are considered and addressed,

I would like to vote my +1 for the latest, rev 015 patch (pending Jenkins and checkstyle),
and will proceed to commit the patch after 24 hours if there's no objection. If there are
minor derfinciecies found afterwards, I'd like to suggest deferring them to a new jira.


was (Author: jojochuang):
Thanks for the rev015 patch!

Looks like all the concerns found in the reviews are addressed.

Given that 
# this feature does not affect existing functionality if not used,
# there is sufficient proof that it works in an integrated scale test,
# and all deficiencies are considered and addressed,

I would like to vote my +1 for the latest, rev 015 patch (pending Jenkins and checkstyle),
and will proceed to commit the patch after 24 hours if there's no object. If there are minor
derfinciecies found afterwards, I'd like to suggest deferring them to a new jira.

> Add functionality to re-encrypt EDEKs
> -------------------------------------
>
>                 Key: HDFS-10899
>                 URL: https://issues.apache.org/jira/browse/HDFS-10899
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: encryption, kms
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: editsStored, HDFS-10899.01.patch, HDFS-10899.02.patch, HDFS-10899.03.patch,
HDFS-10899.04.patch, HDFS-10899.05.patch, HDFS-10899.06.patch, HDFS-10899.07.patch, HDFS-10899.08.patch,
HDFS-10899.09.patch, HDFS-10899.10.patch, HDFS-10899.10.wip.patch, HDFS-10899.11.patch, HDFS-10899.12.patch,
HDFS-10899.13.patch, HDFS-10899.14.patch, HDFS-10899.15.patch, HDFS-10899.wip.2.patch, HDFS-10899.wip.patch,
Re-encrypt edek design doc.pdf, Re-encrypt edek design doc V2.pdf
>
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect on new EDEKs.
We should provide a way to re-encrypt EDEKs after the EZ key rotation, for improved security.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-issues-help@hadoop.apache.org


Mime
View raw message