Re: storing an explicit nonce

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, Amit Kapila <amit.kapila16@gmail.com>, Andres Freund <andres@anarazel.de>, Masahiko Sawada <masahiko.sawada@2ndquadrant.com>, Masahiko Sawada <sawada.mshk@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Robert Haas <robertmhaas@gmail.com>, Thomas Munro <thomas.munro@gmail.com>, Tom Kincaid <tomjohnkincaid@gmail.com>
Date: 2021-05-25T21:30:06Z
Lists: pgsql-hackers

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Rethink method for assigning OIDs to the template0 and postgres DBs.

  2. pg_upgrade: Preserve database OIDs.

  3. pg_upgrade: Preserve relfilenodes and tablespace OIDs.

  4. Fix for new Boolean node

  5. Improve error handling of HMAC computations

  6. Add macro RelationIsPermanent() to report relation permanence

  7. Enhance nbtree index tuple deletion.

On Tue, May 25, 2021 at 05:25:36PM -0400, Stephen Frost wrote:
> Greetings,
> 
> * Bruce Momjian (bruce@momjian.us) wrote:
> > On Tue, May 25, 2021 at 05:15:55PM -0400, Stephen Frost wrote:
> > > > We already discussed that there are too many other ways to break system
> > > > integrity that are not encrypted/integrity-checked, e.g., changes to
> > > > clog.  Do you disagree?
> > > 
> > > We had agreed that this wasn't something that was strictly required in
> > > the first version and I continue to agree with that.  On the other hand,
> > > if we decide that we ultimately need to use an independent nonce and
> > > further that we can make room in the special space for it, then it's
> > > trivial to also include the tag and we absolutely should (or make it
> > > optional to do so) in that case.
> > 
> > Well, if we can't really say the data has integrity, what does the
> > validation bytes accomplish?  And if are going to encrypt everything
> > that would allow integrity, we need to encrypt almost the entire file
> > system.
> 
> I'm not following this logic.  The primary data would be guaranteed to
> be unchanged and there is absolutely value in that, even if the metadata
> is not guaranteed to be unmolested.  Security always comes with a lot of
> tradeoffs.  RLS doesn't prevent certain side-channel attacks but it
> still is extremely useful in a great many cases.

Well, changing the clog would change how the integrity-protected data is
interpreted, so I don't see much value in it.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.