Greetings, * Magnus Hagander (mag...@hagander.net) wrote: > Unless we are *absolutely* certain, I bet someone will be able to find a > side-channel that somehow leaks some data or data-about-data, if we don't > encrypt everything. If nothing else, you can get use patterns out of it, > and you can make a lot from that. (E.g. by whether transactions are using > multixacts or not you can potentially determine which transaction they are, > if you know what type of transactions are being issued by the application. > In the simplest case, there might be a single pattern where multixacts end > up actually being used, and in that case being able to see the multixact > data tells you a lot about the system).
Thanks for bringing up the concern but this still doesn't strike me, at least, as being a huge gaping hole that people will have large issues with. In other words, I don't agree that this is a high bandwidth side channel and I don't think that it, alone, brings up a strong need to encrypt clog and multixact. > As for other things -- by default, we store the log files in text format in > the data directory. That contains *loads* of sensitive data in a lot of > cases. Will those also be encrypted? imv, this is a largely independent thing, as I said elsewhere, and has its own set of challenges and considerations to deal with. Thanks, Stephen
signature.asc
Description: PGP signature
