Hello, Igniters.
We had private discussion of this design with Anton Vinogradov, Vladimir
Ozerov, Alexey Goncharyuk.
Design need to be improved in the following ways:
1. Clear recovery logic should be written.
2. Clear process of atomic cache keys and master key change should be written.
3. We
Hello.
Deisgn updated [1]
Please, share your feedback
[1] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=95652381
В Вт, 23/10/2018 в 21:49 +0300, Nikolay Izhikov пишет:
> Hello, Anton.
>
> Thank you for your very usefull feedback!
>
> I accept your proposals.
> Seems it mak
Hello, Anton.
Thank you for your very usefull feedback!
I accept your proposals.
Seems it makes this feature more robust and clear.
Will update design in confluence in a couple of hours.
В Вт, 23/10/2018 в 19:18 +0300, Anton Vinogradov пишет:
> Nikolay,
>
> I have some comments.
>
> 1) Master
Nikolay,
I have some comments.
1) Master key setup and removal is a responsibility of system administrator.
No matter how he will set a new master key or remove an old.
The only need it to have both keys, new and old, installed before starting
the rotation process.
2) Master Key rotation is a pr
Hello, Igniters.
As you may know, we successfully implement TDE. Phase-1 feature. [1]
This improvement allows users to use an encrypted cache.
To make TDE production ready I propose to extend it with two things:
* Master key rotation.
* Cache key rotation.
Such features required