From: | Andrey Borodin <x4mmm(at)yandex-team(dot)ru> |
---|---|
To: | Tomas Vondra <tomas(dot)vondra(at)enterprisedb(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Daniel Gustafsson <daniel(at)yesql(dot)se>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: Commitfest 2021-11 Patch Triage - Part 2 |
Date: | 2021-11-14 09:59:51 |
Message-ID: | 513391636883991@vla1-4ea76ba32639.qloud-c.yandex.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
> On 11/10/21 16:54, Andrey Borodin wrote:
>
>> Compression is crucial for highly available setups. Replication traffic is often billed. Or route has bandwidth limits.
>> An entropy added by WAL headers makes CRIME attack against replication encryption impractical.
>
> I very much doubt WAL headers are a reliable protection against CRIME,
> because the entropy of the headers is likely fairly constant. So if you
> compress the WAL stream, the WAL headers may change but the compression
> ratio should be pretty similar. At least that's my guess.
I've thought more about it and I agree.
To reliably protect against CRIME entropy of WAL headers must be comparable with the entropy of possibly injected data.
If this would stand, probably, our WAL would need a really serious rework.
Maybe just refuse to enable compression on SSL connection? If someone really needs both - they will just patch a server on their own.
Or make a GUC "yes_i_kwow_what_crime_is_give_grant_read_on_my_data_to_spies".
Best regards, Andrey Borodin.
From | Date | Subject | |
---|---|---|---|
Next Message | Shinya Kato | 2021-11-14 10:03:59 | Emit a warning if the extension's GUC is set incorrectly |
Previous Message | Peter Eisentraut | 2021-11-14 09:49:46 | Re: make update-po problem with USE_PGXS |