Josh, Mike Allen is still working on ACCUMULO-958, and will have an updated patch in the next couple of weeks. We were hoping to get the more complete encryption strategy into 1.5, but were not able to complete it by feature freeze. However, the WAL encryption as is, when configured with the default settings, should be no harm to 1.5 -- there's no reason to pull it out or get concerned about it. We just can't advertise it as a feature of 1.5. This is one of the reasons why some of the methods are marked as deprecated.
The more complete encryption story, which should be in place for the 1.6 release, should be discussed in ACCUMULO-998. Cheers, Adam On Wed, Jan 30, 2013 at 9:13 AM, Josh Elser <josh.el...@gmail.com> wrote: > All, > > It's been a few days and I haven't seen much chatter at all on > ACCUMULO-958 [1] since the patch was applied. There are a couple of > concerns I have that I definitely want to see addressed before a 1.5.0 > release. > > - It worries me that the provided patch is fail-open (when we can't load > the configured encryption strategies/modules, we don't decrypt anything. I > think for a security-minded database, we should probably be defaulting to > fail-close; but, that brings up an issue, what happens when we can't > encrypt a WAL? Do minor compactions fail gracefully? What does Accumulo do? > > - John said he had been reviewing the patch before he applied it; it > bothers me that there was a version of this patch that had been reviewed > privately for some amount of time when we had already pushed back the > feature freeze date by a week waiting for features that weren't done. > > - The author noted himself with the deprecation of the CryptoModule > interface that "we anticipate changing [this] in non-backwards compatible > ways as we explore requirements for encryption in Accumulo...". This tells > me that implementation of WAL encryption overall hasn't been properly > thought out. > > Given all of this, it gives me great pause to knowingly include this patch > into a 1.5.0 release. I see no signs that this has been truly thought out, > there is no default provided encryption strategy for 1.5.0 with this patch > for the WAL and there is still no support at all for RFile encryption (no > end-to-end Accumulo encryption for a user). All of these issues considered > make me believe that this is an incomplete feature that is not ready for an > Apache Accumulo release. > > Thoughts? > > - Josh > > [1] > https://issues.apache.org/**jira/browse/ACCUMULO-958<https://issues.apache.org/jira/browse/ACCUMULO-958> >
