On 2020-03-12 12:29, Robert Samuel Newson wrote:
Hi All, Our team at IBM are working on native encryption of document content for the Cloudant service and are wondering if there'd be interest (or objection!) to this landing as a CouchDB feature?
Yes!
This is only targeted at the (future) CouchDB 4.0 release which introduces FoundationDB as the persistence layer and, as stated above, currently only for document bodies. This would be a configuration option (and presumably disabled by default). I'll spare us all the crypto details for now (besides pointing out they've been reviewed by our in-house cryptographers and use only public algorithms and techniques in a straightforward manner).
Will the code be platform independent (or at least NIFfed in a way that supports compiling on Mac, FreeBSD, Windows?)
Is there any impact on our CouchDB API surface, other than enabling/disabling document encryption?
Is there any intersection with the _access work Jan is working on?
Thoughts? B.
