| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: Moving forward with TDE |
| Date: | 2022-11-15 19:07:54 |
| Message-ID: | CAAWbhmhtWPc9XbtVRbY3XFkDb9zGDukRofWvEWrSJAeVYjviXQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Oct 24, 2022 at 9:29 AM David Christensen
<david(dot)christensen(at)crunchydata(dot)com> wrote:
> I would love to open a discussion about how to move forward and get
> some of these features built out. The historical threads here are
> quite long and complicated; is there a "current state" other than the
> wiki that reflects the general thinking on this feature? Any major
> developments in direction that would not be reflected in the code from
> May 2021?
I don't think the patchset here has incorporated the results of the
discussion [1] that happened at the end of 2021. For example, it looks
like AES-CTR is still in use for the pages, which I thought was
already determined to be insufficient.
The following next steps were proposed in that thread:
> 1. modify temporary file I/O to use a more centralized API
> 2. modify the existing cluster file encryption patch to use XTS with a
> IV that uses more than the LSN
> 3. add XTS regression test code like CTR
> 4. create WAL encryption code using CTR
Does this patchset need review before those steps are taken (or was
there additional conversation/work that I missed)?
Thanks,
--Jacob
[1] https://www.postgresql.org/message-id/flat/20211013222648.GA373%40momjian.us
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2022-11-15 19:19:02 | Re: Add palloc_aligned() to allow arbitrary power of 2 memory alignment |
| Previous Message | Andres Freund | 2022-11-15 19:04:25 | Re: meson oddities |