ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nikolay Izhikov <nizhi...@apache.org>
Subject Re: IEP-18: Transparent Data Encryption
Date Mon, 09 Apr 2018 14:55:45 GMT
Hello, Denis

> Is it necessary to have CEP keys for every cache?

With current design, It's necessary to have difference CEK for every encrypted cache.
I don't this it's an issue because CEK should be generated automatically and stored internally
in Ignite.
Cluster administrator should manage MEK to have 

> I guess it would be up to me which caches to encrypt, right? 

Yes. User can enable TDE for any caches he want.
Other caches will work without any changes.

> Should we think of procedures of CEP keys regeneration?
> Similar question goes for MEP key.

Yes, we should! Good catch, thank you.
I think, it questionable, should we provide such feature in the first release?
Will be added to IEP, anyway.


В Пт, 06/04/2018 в 11:59 -0700, Denis Magda пишет:
> Nikolay, Dmitriy R.,
> 
> Thanks for the research and for writing down a summary in the IEP form.
> 
> Please answer several high-level questions:
> 
>    - Is it necessary to have CEP keys for every cache? Not sure how all the
>    keys will be managed if the user wants to encrypt 10-100 caches. Is it
>    possible to use a single CEP by default with an option of having a unique
>    one for a cache with more sensitive information?
>    - It's not written, but I guess it would be up to me which caches to
>    encrypt, right? In practice, you don't need to have all the data encrypted.
>    Usually, companies look to hide personal, payments history, etc.
>    - Should we think of procedures of CEP keys regeneration? A key can be
>    lost or stolen.
>    - Similar question goes for MEP key.
> 
> --
> Denis
> 
> On Thu, Apr 5, 2018 at 2:15 PM, Dmitriy Setrakyan <dsetrakyan@apache.org>
> wrote:
> 
> > Here is a correct link to IEP:
> > https://cwiki.apache.org/confluence/display/IGNITE/IEP-
> > 18%3A+Transparent+Data+Encryption
> > 
> > On Thu, Apr 5, 2018 at 12:01 PM, Nikolay Izhikov <nizhikov@apache.org>
> > wrote:
> > 
> > > Hello, Igniters.
> > > 
> > > Based on previous discussion [1] we've created "IEP-18: Transparent Data
> > > Encryption" [2]
> > > I've planned to start implementation of TDE in few weeks.
> > > I will create JIRA ticket for each piece of implementation.
> > > 
> > > So, please, see IEP-18 and give us feedback.
> > > 
> > > Dima Ryabov, huge thanks for pushing TDE IEP forward.
> > > 
> > > [1] http://apache-ignite-developers.2346864.n4.nabble.
> > > com/Transparent-Data-Encryption-TDE-in-Apache-Ignite-td18957.html
> > > [2] https://cwiki.apache.org/confluence/pages/viewpage.
> > > action?pageId=75979078
> > > 
Mime
View raw message