Postgres Pro
Downloads
Home   >   mailing lists

Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

From Masahiko Sawada
Subject Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Date
Msg-id CAD21AoBnPr4Af0=5Gw9Ccm+R20uJNE9HHjO3d+aKhyijPkdzFg@mail.gmail.com
Whole thread Raw
In response to Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)  (Antonin Houska <ah@cybertec.at>)
List pgsql-hackers
Tree view 
On Mon, Jul 15, 2019 at 9:38 PM Antonin Houska <ah@cybertec.at> wrote:
>
> Masahiko Sawada <sawada.mshk@gmail.com> wrote:
>
> > On Mon, Jun 17, 2019 at 11:02 PM Tomas Vondra
> > <tomas.vondra@2ndquadrant.com> wrote:
> > >
> > > On Mon, Jun 17, 2019 at 08:39:27AM -0400, Joe Conway wrote:
> > > >On 6/17/19 8:29 AM, Masahiko Sawada wrote:
> > > >> From perspective of  cryptographic, I think the fine grained TDE would
> > > >> be better solution. Therefore if we eventually want the fine grained
> > > >> TDE I wonder if it might be better to develop the table/tablespace TDE
> > > >> first while keeping it simple as much as possible in v1, and then we
> > > >> can provide the functionality to encrypt other data in database
> > > >> cluster to satisfy the encrypting-everything requirement. I guess that
> > > >> it's easier to incrementally add encryption target objects rather than
> > > >> making it fine grained while not changing encryption target objects.
> > > >>
> > > >> FWIW I'm writing a draft patch of per tablespace TDE and will submit
> > > >> it in this month. We can more discuss the complexity of the proposed
> > > >> TDE using it.
> > > >
> > > >+1
> > > >
> > > >Looking forward to it.
> > > >
> > >
> > > Yep. In particular, I'm interested in those aspects:
> > >
> >
> > Attached the draft version patch sets of per tablespace transparent
> > data at rest encryption.
>

Thank you for your email

> I was worried that there's competition between us but now that I've checked
> your patch set I see that you already use some parts of
>
> https://commitfest.postgresql.org/23/2104/
>
> although not the latest version. I'm supposed to work on the encryption now,
> so thinking what to do next. I think we should coordinate the effort, possibly
> off-list. The earlier we have a single patch set the more efficient the work
> should be.

Agreed. Let's discuss how we can coordinate the effort. I also think
it could be off-list as that's mostly about non-technical topic.

Regards,

--
Masahiko Sawada
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center

pgsql-hackers by date:

Previous
From: Michael Paquier
Date:
Subject: Re: getting ERROR "relation 16401 has no triggers" with partitionforeign key alter
Next
From: Amit Kapila
Date:
Subject: Re: GiST VACUUM