> On Nov 19, 2021, at 2:53 PM, Joseph Lynch <joe.e.ly...@gmail.com> wrote:
> 
> 
>> 
>> For better or worse, different threat models mean that it’s not strictly 
>> better to do FDE and some use cases definitely want this at the db layer 
>> instead of file system.
> 
> Do you mind elaborating which threat models? The only one I can think
> of is users can log onto the database machine and have read access to
> the cassandra data directory but not read access to wherever the keys
> are?

Basically that - one where shell access is more likely (with or without LPE 
being required to get to the mounted volume). LPE being required in the common 
case for either makes them effectively the same, one just makes auditors much 
happier than the other.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@cassandra.apache.org
For additional commands, e-mail: dev-h...@cassandra.apache.org
