| From: | Matthias van de Meent <boekewurm+postgres(at)gmail(dot)com> |
|---|---|
| To: | David Christensen <david(dot)christensen(at)crunchydata(dot)com> |
| Cc: | vignesh C <vignesh21(at)gmail(dot)com>, Aleksander Alekseev <aleksander(at)timescale(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Subject: | Re: Moving forward with TDE [PATCH v3] |
| Date: | 2023-11-02 21:09:40 |
| Message-ID: | CAEze2WgxHRptui-4AxUzpRe5GPzJ_azNd_30nN5Hz7FijYQ2QA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 31 Oct 2023 at 22:23, David Christensen
<david(dot)christensen(at)crunchydata(dot)com> wrote:
>
> Greetings,
>
> I am including an updated version of this patch series; it has been rebased onto 6ec62b7799 and reworked somewhat.
>
> The patches are as follows:
>
> 0001 - doc updates
> 0002 - Basic key management and cipher support
> 0003 - Backend-related changes to support heap encryption
I'm quite surprised at the significant number of changes being made
outside the core storage manager files. I thought that changing out
mdsmgr with an encrypted smgr (that could wrap mdsmgr if so desired)
would be the most obvious change to implement cluster-wide encryption
with the least code touched, as relations don't need to know whether
the files they're writing are encrypted, right? Is there a reason to
not implement this at the smgr level that I overlooked in the
documentation of these patches?
Kind regards,
Matthias van de Meent
Neon (https://neon.tech)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tomas Vondra | 2023-11-02 21:25:16 | Re: Detoasting optionally to make Explain-Analyze less misleading |
| Previous Message | Paul Jungwirth | 2023-11-02 20:21:37 | Re: SQL:2011 application time |