Quick Links

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)

From:	Joe Conway <mail(at)joeconway(dot)com>
To:	Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com>, Tomas Vondra <tomas(dot)vondra(at)2ndquadrant(dot)com>
Cc:	Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Antonin Houska <ah(at)cybertec(dot)at>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, "Moon, Insung" <Moon_Insung_i3(at)lab(dot)ntt(dot)co(dot)jp>, Ibrar Ahmed <ibrar(dot)ahmad(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Date:	2019-06-17 12:39:27
Message-ID:	bb234791-6c1c-6acf-d2c5-0336a2f90428@joeconway.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 6/17/19 8:29 AM, Masahiko Sawada wrote:
> From perspective of cryptographic, I think the fine grained TDE would
> be better solution. Therefore if we eventually want the fine grained
> TDE I wonder if it might be better to develop the table/tablespace TDE
> first while keeping it simple as much as possible in v1, and then we
> can provide the functionality to encrypt other data in database
> cluster to satisfy the encrypting-everything requirement. I guess that
> it's easier to incrementally add encryption target objects rather than
> making it fine grained while not changing encryption target objects.
>
> FWIW I'm writing a draft patch of per tablespace TDE and will submit
> it in this month. We can more discuss the complexity of the proposed
> TDE using it.

Looking forward to it.

Joe

--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development

In response to

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) at 2019-06-17 12:29:44 from Masahiko Sawada

Responses

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS) at 2019-06-17 14:02:23 from Tomas Vondra

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Michael Paquier	2019-06-17 12:43:48	Re: pg_log_fatal vs pg_log_error
Previous Message	Masahiko Sawada	2019-06-17 12:29:44	Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)