On 05/21/18 09:57, Andrew Gallagher wrote: > On 21/05/18 14:35, Phil Stracchino wrote: >> What MySQL (from mid-5.7 on) does for tablespace encryption might be of >> note here. MySQL uses a fixed table key for each encrypted InnoDB >> table, but encrypts the table keys with a master key which is >> periodically rotated. This allows regular rotation of the master >> encryption key that protects all of the table keys, without having to >> decrypt and re-encrypt possibly terabytes of table data. > > The equivalent in PGP is to replace the asymmetric encryption layer but > keep the same symmetric session key. But this assumes that the symmetric > encryption remains sound. In the efail scenaroio at least, we also > probably want to replace the symmetric algorithm (3DES, CAST5).
However, that would probably be a one-time operation, not a mopnthly rotation. -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net