Hi Nikolay, I would like to look to IEP. Please give me couple days.
Sincerely, Dmitriy Pavlov пн, 9 апр. 2018 г. в 20:11, Nikolay Izhikov <nizhi...@apache.org>: > Hello, Igniters. > > I'm going to create tickets and start implementation of TDE in a few days. > > Any objections? > > В Пн, 09/04/2018 в 17:55 +0300, Nikolay Izhikov пишет: > > Hello, Denis > > > > > Is it necessary to have CEP keys for every cache? > > > > With current design, It's necessary to have difference CEK for every > encrypted cache. > > I don't this it's an issue because CEK should be generated automatically > and stored internally in Ignite. > > Cluster administrator should manage MEK to have > > > > > I guess it would be up to me which caches to encrypt, right? > > > > Yes. User can enable TDE for any caches he want. > > Other caches will work without any changes. > > > > > Should we think of procedures of CEP keys regeneration? > > > Similar question goes for MEP key. > > > > Yes, we should! Good catch, thank you. > > I think, it questionable, should we provide such feature in the first > release? > > Will be added to IEP, anyway. > > > > > > В Пт, 06/04/2018 в 11:59 -0700, Denis Magda пишет: > > > Nikolay, Dmitriy R., > > > > > > Thanks for the research and for writing down a summary in the IEP form. > > > > > > Please answer several high-level questions: > > > > > > - Is it necessary to have CEP keys for every cache? Not sure how > all the > > > keys will be managed if the user wants to encrypt 10-100 caches. Is > it > > > possible to use a single CEP by default with an option of having a > unique > > > one for a cache with more sensitive information? > > > - It's not written, but I guess it would be up to me which caches to > > > encrypt, right? In practice, you don't need to have all the data > encrypted. > > > Usually, companies look to hide personal, payments history, etc. > > > - Should we think of procedures of CEP keys regeneration? A key can > be > > > lost or stolen. > > > - Similar question goes for MEP key. > > > > > > -- > > > Denis > > > > > > On Thu, Apr 5, 2018 at 2:15 PM, Dmitriy Setrakyan < > dsetrak...@apache.org> > > > wrote: > > > > > > > Here is a correct link to IEP: > > > > https://cwiki.apache.org/confluence/display/IGNITE/IEP- > > > > 18%3A+Transparent+Data+Encryption > > > > > > > > On Thu, Apr 5, 2018 at 12:01 PM, Nikolay Izhikov < > nizhi...@apache.org> > > > > wrote: > > > > > > > > > Hello, Igniters. > > > > > > > > > > Based on previous discussion [1] we've created "IEP-18: > Transparent Data > > > > > Encryption" [2] > > > > > I've planned to start implementation of TDE in few weeks. > > > > > I will create JIRA ticket for each piece of implementation. > > > > > > > > > > So, please, see IEP-18 and give us feedback. > > > > > > > > > > Dima Ryabov, huge thanks for pushing TDE IEP forward. > > > > > > > > > > [1] http://apache-ignite-developers.2346864.n4.nabble. > > > > > com/Transparent-Data-Encryption-TDE-in-Apache-Ignite-td18957.html > > > > > [2] https://cwiki.apache.org/confluence/pages/viewpage. > > > > > action?pageId=75979078
