ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vladimir Ozerov <voze...@gridgain.com>
Subject Re: IEP-18: Transparent Data Encryption
Date Mon, 09 Apr 2018 08:35:28 GMT
Hi Nikolay,

First of all thank you for excellent summary. Two-tiered key management is
well respected technique and makes perfect sense to me. However, several
questions regarding architecture arises:
1) Why do you propose to store CEK in separate cache? We consider storing
any metadata in system caches as antipattern from our previous experience.
Instead, we can store these keys near actual cache data. E.g. in separate
file located near data files.
2) I do not think that decryption process should require any
"administrator" role and passwords. Instead, we can have a kind of
pluggable interface which will provide decrypted MEK on demand when it is
needed. This should be pre-configured in advance on server node(s). AFAIK
this is how a number of other vendors work.
3) CEK decryption should not be tied to MEK decryption. Main reason - CEK
could be required during dynamic cache/table creation. So there should be
no coupling between activation and CEK processing.
4) I do not think that SSL should be a strict requirement. It is up to the
user to asses the risks.

On Fri, Apr 6, 2018 at 9:59 PM, Denis Magda <dmagda@apache.org> wrote:

> Nikolay, Dmitriy R.,
>
> Thanks for the research and for writing down a summary in the IEP form.
>
> Please answer several high-level questions:
>
>    - Is it necessary to have CEP keys for every cache? Not sure how all the
>    keys will be managed if the user wants to encrypt 10-100 caches. Is it
>    possible to use a single CEP by default with an option of having a
> unique
>    one for a cache with more sensitive information?
>    - It's not written, but I guess it would be up to me which caches to
>    encrypt, right? In practice, you don't need to have all the data
> encrypted.
>    Usually, companies look to hide personal, payments history, etc.
>    - Should we think of procedures of CEP keys regeneration? A key can be
>    lost or stolen.
>    - Similar question goes for MEP key.
>
> --
> Denis
>
> On Thu, Apr 5, 2018 at 2:15 PM, Dmitriy Setrakyan <dsetrakyan@apache.org>
> wrote:
>
> > Here is a correct link to IEP:
> > https://cwiki.apache.org/confluence/display/IGNITE/IEP-
> > 18%3A+Transparent+Data+Encryption
> >
> > On Thu, Apr 5, 2018 at 12:01 PM, Nikolay Izhikov <nizhikov@apache.org>
> > wrote:
> >
> > > Hello, Igniters.
> > >
> > > Based on previous discussion [1] we've created "IEP-18: Transparent
> Data
> > > Encryption" [2]
> > > I've planned to start implementation of TDE in few weeks.
> > > I will create JIRA ticket for each piece of implementation.
> > >
> > > So, please, see IEP-18 and give us feedback.
> > >
> > > Dima Ryabov, huge thanks for pushing TDE IEP forward.
> > >
> > > [1] http://apache-ignite-developers.2346864.n4.nabble.
> > > com/Transparent-Data-Encryption-TDE-in-Apache-Ignite-td18957.html
> > > [2] https://cwiki.apache.org/confluence/pages/viewpage.
> > > action?pageId=75979078
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message