Hello, Denis > Is it necessary to have CEP keys for every cache?
With current design, It's necessary to have difference CEK for every encrypted cache. I don't this it's an issue because CEK should be generated automatically and stored internally in Ignite. Cluster administrator should manage MEK to have > I guess it would be up to me which caches to encrypt, right? Yes. User can enable TDE for any caches he want. Other caches will work without any changes. > Should we think of procedures of CEP keys regeneration? > Similar question goes for MEP key. Yes, we should! Good catch, thank you. I think, it questionable, should we provide such feature in the first release? Will be added to IEP, anyway. В Пт, 06/04/2018 в 11:59 -0700, Denis Magda пишет: > Nikolay, Dmitriy R., > > Thanks for the research and for writing down a summary in the IEP form. > > Please answer several high-level questions: > > - Is it necessary to have CEP keys for every cache? Not sure how all the > keys will be managed if the user wants to encrypt 10-100 caches. Is it > possible to use a single CEP by default with an option of having a unique > one for a cache with more sensitive information? > - It's not written, but I guess it would be up to me which caches to > encrypt, right? In practice, you don't need to have all the data encrypted. > Usually, companies look to hide personal, payments history, etc. > - Should we think of procedures of CEP keys regeneration? A key can be > lost or stolen. > - Similar question goes for MEP key. > > -- > Denis > > On Thu, Apr 5, 2018 at 2:15 PM, Dmitriy Setrakyan <dsetrak...@apache.org> > wrote: > > > Here is a correct link to IEP: > > https://cwiki.apache.org/confluence/display/IGNITE/IEP- > > 18%3A+Transparent+Data+Encryption > > > > On Thu, Apr 5, 2018 at 12:01 PM, Nikolay Izhikov <nizhi...@apache.org> > > wrote: > > > > > Hello, Igniters. > > > > > > Based on previous discussion [1] we've created "IEP-18: Transparent Data > > > Encryption" [2] > > > I've planned to start implementation of TDE in few weeks. > > > I will create JIRA ticket for each piece of implementation. > > > > > > So, please, see IEP-18 and give us feedback. > > > > > > Dima Ryabov, huge thanks for pushing TDE IEP forward. > > > > > > [1] http://apache-ignite-developers.2346864.n4.nabble. > > > com/Transparent-Data-Encryption-TDE-in-Apache-Ignite-td18957.html > > > [2] https://cwiki.apache.org/confluence/pages/viewpage. > > > action?pageId=75979078 > > >
signature.asc
Description: This is a digitally signed message part
