| From: | Michael Banck <michael(dot)banck(at)credativ(dot)de> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Andres Freund <andres(at)anarazel(dot)de>, Antonin Houska <ah(at)cybertec(dot)at>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, Sasasu <i(at)sasa(dot)su> |
| Subject: | Re: XTS cipher mode for cluster file encryption |
| Date: | 2022-02-01 22:44:41 |
| Message-ID: | 61f9b7da.1c69fb81.5b5f4.6eb9@mx.google.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
On Tue, Feb 01, 2022 at 01:07:36PM -0500, Stephen Frost wrote:
> On Tue, Feb 1, 2022 at 12:50 Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > On Tue, Feb 1, 2022 at 07:45:06AM +0100, Antonin Houska wrote:
> > > > With pg_upgrade modified to preserve the relfilenode, tablespace
> > > > oid, and database oid, we are now closer to implementing cluster
> > > > file encryption using XTS. I think we have a few steps left:
> > > >
> > > > 1. modify temporary file I/O to use a more centralized API
> > > > 2. modify the existing cluster file encryption patch to use XTS with a
> > > > IV that uses more than the LSN
> > > > 3. add XTS regression test code like CTR
> > > > 4. create WAL encryption code using CTR
> > > >
> > > > If we can do #1 in PG 15 I think I can have #2 ready for PG 16 in July.
> > > > The feature wiki page is:
> > > >
> > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
> > > >
> > > > Do people want to advance this feature forward?
> > >
> > > I confirm that we (Cybertec) do and that we're ready to spend more
> > > time on the community implementation.
> >
> > Well, I sent an email a week ago asking if people want to advance this
> > feature forward, and so far you are the only person to reply, which I
> > think means there isn't enough interest in this feature to advance it.
>
> This confuses me. Clearly there’s plenty of interest, but asking on hackers
> in a deep old sub thread isn’t a terribly good way to judge that. Yet even
> when there is an active positive response, you argue that there isn’t
> enough.
Even more so because not Antonin not only replied as an individual, but
in the name of a whole company developing Postgres in general and TDE in
particular.
Michael
--
Michael Banck
Teamleiter PostgreSQL-Team
Projektleiter
Tel.: +49 2166 9901-171
Email: michael(dot)banck(at)credativ(dot)de
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Geoff Richardson, Peter Lilley
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-02-01 23:37:02 | Re: Replace uses of deprecated Python module distutils.sysconfig |
| Previous Message | Nathan Bossart | 2022-02-01 22:36:40 | Re: make MaxBackends available in _PG_init |