Hi Sonke,

Very much needed feature and discussion. FYI the image links seem broken.

My 2 cents (if I understood correctly): you say "This process will be implemented after Serializer and Interceptors are done with the message right before it is added to the batch to be sent, in order to ensure that existing serializers and interceptors keep working with encryption just like without it."

I think encryption should happen AFTER a batch is created, right before it is sent. Reason is that if we want to still keep the advantage of compression, encryption needs to happen after it (and I believe compression happens on a batch level).

So to me, for a producer: serializer / interceptors => batching => compression => encryption => send, and the inverse for a consumer.

Regards
Stephane

On 19 June 2018 at 06:46, Sönke Liebau <soenke.lie...@opencore.com.invalid> wrote:

> Hi everybody,
>
> I've created a draft version of KIP-317 which describes the addition
> of transparent data encryption functionality to Kafka.
>
> Please consider this as a basis for discussion - I am aware that this
> is not at a level of detail sufficient for implementation, but I
> wanted to get some feedback from the community on the general idea
> before spending more time on this.
>
> Link to the KIP is:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-317%3A+Add+transparent+data+encryption+functionality
>
> Best regards,
> Sönke
>
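
The ordering argument in the reply above, as an added example that is not part of the thread or of KIP-317: it compares encrypting each record before batching and compression with compressing the batch first and encrypting the result. The SHA-256 counter-mode keystream is a stand-in cipher so the block runs on the standard library alone; all function names, the batch framing and the sample records are constructed for illustration.

```python
import hashlib
import json
import zlib

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), illustration only.
    A real client would use an AEAD such as AES-GCM. XOR makes it its own inverse."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block * 32:(block + 1) * 32], pad))
    return bytes(out)

def make_records(n: int = 200) -> list:
    """Constructed sample records: repetitive JSON, as is typical for event topics."""
    return [json.dumps({"user_id": i, "event": "page_view", "region": "eu-west-1",
                        "path": "/products/%d" % (i % 7)}).encode() for i in range(n)]

def frame(records) -> bytes:
    """Batch records as 4-byte length prefix + payload (hypothetical batch format)."""
    return b"".join(len(r).to_bytes(4, "big") + r for r in records)

def unframe(blob: bytes) -> list:
    records, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        records.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return records

def encrypt_then_compress(records, key: bytes) -> bytes:
    """Order in the quoted KIP text: encrypt each record, then batch and compress."""
    enc = [keystream_xor(key, i.to_bytes(8, "big"), r) for i, r in enumerate(records)]
    return zlib.compress(frame(enc))

def compress_then_encrypt(records, key: bytes) -> bytes:
    """Order proposed in the reply: batch, compress, then encrypt the whole batch."""
    return keystream_xor(key, b"batch-0", zlib.compress(frame(records)))

def consume(blob: bytes, key: bytes) -> list:
    """Consumer side, the inverse: decrypt, decompress, split into records."""
    return unframe(zlib.decompress(keystream_xor(key, b"batch-0", blob)))

def compare(n: int = 200, key: bytes = b"constructed-demo-key") -> dict:
    """Return batch sizes in bytes for the plain batch and both orderings."""
    records = make_records(n)
    return {"plain": len(frame(records)),
            "encrypt_then_compress": len(encrypt_then_compress(records, key)),
            "compress_then_encrypt": len(compress_then_encrypt(records, key))}
```

Calling `compare()` returns the three batch sizes in bytes: ciphertext looks random to zlib, so the per-record ordering stays close to the plain size, while the batch-level ordering keeps the compression gain.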