From: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
---|---|
To: | Jacob Champion <jchampion(at)timescale(dot)com> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
Subject: | Re: Moving forward with TDE |
Date: | 2022-11-15 19:39:27 |
Message-ID: | BAA9BAE3-4B68-4298-A555-912DB2D1DE64@crunchydata.com |
Lists: | pgsql-hackers |
> On Nov 15, 2022, at 1:08 PM, Jacob Champion <jchampion(at)timescale(dot)com> wrote:
>
> On Mon, Oct 24, 2022 at 9:29 AM David Christensen
> <david(dot)christensen(at)crunchydata(dot)com> wrote:
>> I would love to open a discussion about how to move forward and get
>> some of these features built out. The historical threads here are
>> quite long and complicated; is there a "current state" other than the
>> wiki that reflects the general thinking on this feature? Any major
>> developments in direction that would not be reflected in the code from
>> May 2021?
>
> I don't think the patchset here has incorporated the results of the
> discussion [1] that happened at the end of 2021. For example, it looks
> like AES-CTR is still in use for the pages, which I thought was
> already determined to be insufficient.

Good to know about the next steps, thanks.

> The following next steps were proposed in that thread:
>
>> 1. modify temporary file I/O to use a more centralized API
>> 2. modify the existing cluster file encryption patch to use XTS with a
>> IV that uses more than the LSN
>> 3. add XTS regression test code like CTR
>> 4. create WAL encryption code using CTR
>
> Does this patchset need review before those steps are taken (or was
> there additional conversation/work that I missed)?

This was just a refresh of the old patches on the wiki to work as written on HEAD. If there are known TODOs here, then that work is still needing to be done.

I was going to take 2) and Stephen was going to work on 3); I am not sure about the other two but will review the thread you pointed to. Thanks for pointing that out.

David