Hello, Igniters.

We've discussed TDE design privately with some respected community members 
including Vladimir Ozerov and Alexey Goncharyuk.
Here is the list of questions we have to address before starting the TDE 
implementation:

1. MEK, CEK rotation. 
Should we provide a way to change (regenerate) the MEK and CEK from time to time? 
Is it required by the PCI DSS standard? 

2. Do CEKs (table keys) relate to user access permissions? 
Need to study other vendors' implementations.  

3. WAL encryption. How will it be implemented? What issues do we have to solve? 

4. We should keep CEKs in MetaStore. 
Not a question, just to write down the decision.

5. How should we handle the following case:  
    a. Node X left the cluster. 
    b. Node X joins the cluster.
    c. Between steps a and b the encryption keys have been changed 

6. A public API to deal with CEKs should be provided. 
Looks like we need to support the following methods:
    a. Generate a new CEK when an encrypted cache is created 
    b. Decrypt the CEK whenever needed. 

7. Can each node use its own CEK? What are the pros and cons of that? 

8. How can we ensure that decryption succeeds in case the CEK is broken? 
It can be broken because of memory corruption, network errors, etc. 

9. A specific encryption algorithm has to be chosen prior to implementation. 
We have to support the usage of other algorithms. 

10. Page integrity is checked by CRC. How would this process change for 
encrypted pages?

11. The page header has well-known content. This can be used for known-plaintext 
attacks. 
We should measure the threat and find a way to deal with it.

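As an added illustration of points 1, 6 and 8 above (example code, not from this thread or the Ignite code base): a CEK wrapped under the MEK with AES-256-GCM in Go, where the authentication tag exposes a CEK corrupted in storage or on the wire, and MEK rotation re-wraps the CEK without touching encrypted pages. The function names, the nonce||ciphertext||tag layout and the "only the MetaStore entry changes" model are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func aeadFor(key []byte) (cipher.AEAD, error) { // AES-256-GCM from a 32-byte key
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// WrapCEK seals a CEK under the MEK as nonce||ciphertext||tag; the tag exposes a corrupted CEK.
func WrapCEK(mek, cek []byte) ([]byte, error) {
	aead, err := aeadFor(mek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, cek, nil), nil
}

// UnwrapCEK recovers the CEK; any bit flip in the blob fails authentication.
func UnwrapCEK(mek, wrapped []byte) ([]byte, error) {
	aead, err := aeadFor(mek)
	if err != nil {
		return nil, err
	}
	if n := aead.NonceSize(); len(wrapped) >= n+aead.Overhead() {
		return aead.Open(nil, wrapped[:n], wrapped[n:], nil)
	}
	return nil, errors.New("wrapped CEK too short")
}

// RotateMEK re-wraps the CEK under a new MEK; pages keep their CEK, so only the MetaStore entry changes.
func RotateMEK(oldMEK, newMEK, wrapped []byte) ([]byte, error) {
	cek, err := UnwrapCEK(oldMEK, wrapped)
	if err != nil {
		return nil, err
	}
	return WrapCEK(newMEK, cek)
}
```

Rotating the CEK itself (re-encrypting cache pages) is a separate, heavier operation and is not shown here.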