Re: Key management with tests - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Key management with tests
Date
Msg-id 20210128202221.GA4568@momjian.us
In response to Re: Key management with tests  (Tom Kincaid <tomjohnkincaid@gmail.com>)
Responses Re: Key management with tests  (Masahiko Sawada <sawada.mshk@gmail.com>)
List pgsql-hackers
On Thu, Jan 28, 2021 at 02:41:09PM -0500, Tom Kincaid wrote:
>     I would also like to add a "not wanted" entry for this feature on the
>     TODO list, based on the feature's limited usefulness, but I already
>     asked about that and no one seems to feel we don't want it.
> 
> 
> I want to avoid seeing this happen. As a result of a lot of customer and user
> discussions, around their criteria for choosing a database, I believe TDE is an
> important feature and having it appear with a "not-wanted" tag will keep the
> version of PostgreSQL released by the community out of a certain (and possibly
> growing) number of deployment scenarios which I don't think anybody wants to
> see.

With pg_upgrade, I could work on it out of the tree until it became
popular, with a small non-user-visible part in the backend.  With the
Windows port, the port wasn't really visible to users until it was ready.

For the key management part of TDE, it can't be done outside the tree,
and it is user-visible before it is useful, so that restricts how much
incremental work can be committed to the tree for TDE.  I highlighted
that concern in emails months ago, but never got any feedback --- now it
seems people are realizing the ramifications of that.

> I think the current situation to be as follows (if I missed something please
> let me know):
> 
> 1) We need to get the current patch for Key Management reviewed and tested
> further. 
> 
> I spoke to Bruce just now; he will see if he can get somebody to do this.

Well, if we don't get anyone committed to working on the data encryption
part of TDE, the key management part is useless, so why review/test it
further?

Although Sawada-san and Stephen Frost worked on the patch, they have not
commented much on my additions, and only a few others have commented on
the code, and there has been no discussion on who is working on the next
steps.  This indicates to me that there is little interest in moving
this feature forward, which is why I started asking if it could be
labeled as "not wanted".

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee



