| From: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
|---|---|
| To: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Commitfest 2021-11 Patch Triage - Part 2 |
| Date: | 2021-11-14 09:59:51 |
| Message-ID: | 513391636883991@vla1-4ea76ba32639.qloud-c.yandex.net |
| Lists: | pgsql-hackers |
> On 11/10/21 16:54, Andrey Borodin wrote:
>
>> Compression is crucial for highly available setups. Replication traffic is often billed. Or the route has bandwidth limits.
>> The entropy added by WAL headers makes a CRIME attack against replication encryption impractical.
>
> I very much doubt WAL headers are a reliable protection against CRIME,
> because the entropy of the headers is likely fairly constant. So if you
> compress the WAL stream, the WAL headers may change but the compression
> ratio should be pretty similar. At least that's my guess.

I've thought more about it and I agree.
To reliably protect against CRIME, the entropy of WAL headers must be comparable with the entropy of possibly injected data.
If this would stand, probably, our WAL would need a really serious rework.
Maybe just refuse to enable compression on an SSL connection? If someone really needs both - they will just patch a server on their own.
Or make a GUC "yes_i_kwow_what_crime_is_give_grant_read_on_my_data_to_spies".

Best regards, Andrey Borodin.
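
The question of whether fixed-size header noise hides the compression-ratio signal can be measured directly. The following is an added example, not part of the original emails or of PostgreSQL: it assumes zlib as the compressor, a 24-byte header modelled as pure random noise (more entropy than a real WAL header carries), and a constructed secret, and it compares the compressed size when injected data equals the secret with the size when it is unrelated.

```python
import random
import string
import zlib

HEADER_LEN = 24  # assumption: fixed-size per-record header, modelled as pure noise
SECRET = b"session_token=9f3a7c21d4e8b605"  # constructed sample secret


def record(payload: bytes, rng: random.Random) -> bytes:
    """One stream record: random header bytes followed by the payload."""
    header = bytes(rng.getrandbits(8) for _ in range(HEADER_LEN))
    return header + payload


def compressed_size(injected: bytes, rng: random.Random) -> int:
    """Length visible on the wire for a secret record plus an injected record."""
    stream = record(SECRET, rng) + record(injected, rng)
    return len(zlib.compress(stream, 6))


def measure(trials: int = 200, seed: int = 1):
    """Return (sizes when injected == SECRET, sizes when injected is unrelated)."""
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits
    same, other = [], []
    for _ in range(trials):
        unrelated = "".join(
            rng.choice(alphabet) for _ in range(len(SECRET))
        ).encode()
        same.append(compressed_size(SECRET, rng))
        other.append(compressed_size(unrelated, rng))
    return same, other


if __name__ == "__main__":
    same, other = measure()
    print("injected == secret :", min(same), "-", max(same), "bytes")
    print("injected unrelated :", min(other), "-", max(other), "bytes")
    # Fresh random headers on every record, yet the two size ranges stay apart.
    print("ranges overlap     :", max(same) >= min(other))
```

Because the header noise has a constant length, it shifts both measurements by nearly the same amount and the gap between them survives, which is why encrypting the compressed stream does not remove the signal.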