Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Joe Conway <mail@joeconway.com>
Cc: Masahiko Sawada <sawada.mshk@gmail.com>, Robert Haas <robertmhaas@gmail.com>, Tomas Vondra <tomas.vondra@2ndquadrant.com>, Antonin Houska <ah@cybertec.at>, Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-06-16T01:28:28Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
On Fri, Jun 14, 2019 at 02:27:17PM -0400, Joe Conway wrote: > On 6/13/19 11:07 AM, Bruce Momjian wrote: > > On Thu, Jun 13, 2019 at 04:26:47PM +0900, Masahiko Sawada wrote: > >> Yeah, in principle since data key of 2 tier key architecture should > >> not go outside database I think we should not tell data keys to > >> utility commands. So the rearranging WAL format seems to be a better > >> solution but is there any reason why the main data is placed at end of > >> WAL record? I wonder if we can assemble WAL records as following order > >> and encrypt only 3 and 4. > >> > >> 1. Header data (XLogRecord and other headers) > >> 2. Main data (xl_heap_insert, xl_heap_update etc + related data) > >> 3. Block data (Tuple data, FPI) > >> 4. Sub data (e.g tuple data for logical decoding) > > > > Yes, that does sound like a reasonable idea. It is similar to us not > > encrypting the clog --- there is little value. However, if we only > > encrypt the cluster, we don't need to expose the relfilenode and we can > > just encrypt the entire WAL --- I like that simplicity. We might find > > that the complexity of encrypting only certain tablespaces makes the > > system slower than just encrypting the entire cluster. > > > There are reasons other than performance to want more granular than > entire cluster encryption. Limiting the volume of encrypted data with > any one key for example. And not encrypting #1 & 2 above would help > avoid known-plaintext attacks I would think. There are no known non-exhaustive plaintext attacks on AES: https://crypto.stackexchange.com/questions/1512/why-is-aes-resistant-to-known-plaintext-attacks Even if we don't encrypt the first part of the WAL record (1 & 2), the block data (3) probably has enough format for a plaintext attack. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +