[
https://issues.apache.org/jira/browse/HDFS-10899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15724398#comment-15724398
]
Xiao Chen commented on HDFS-10899:
----------------------------------
Good question. My intention was that after a {{hadoop key roll}} returns, an
admin can safely {{hdfs crypto reencrypt}}.
KMS historically didn't care about this, and hence all caches may not be
invalidated. HADOOP-13827 fixes the client side to drain all KMSCPs, but only 1
server would be drained. To drain all the servers I think we need to add one
interface to the server to explicitly do that. Given that KMS servers ain't
aware of each other, this seems to be the only reasonable way. (And only drain
client after servers are all drained. The new {{drain}} interface can be
controlled under the {{MANAGEMENT}} ACL which currently controls
{{rollNewVersion}}).
Thoughts?
> Add functionality to re-encrypt EDEKs.
> --------------------------------------
>
> Key: HDFS-10899
> URL: https://issues.apache.org/jira/browse/HDFS-10899
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: encryption, kms
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HDFS-10899.01.patch, HDFS-10899.wip.2.patch,
> HDFS-10899.wip.patch, Re-encrypt edek design doc.pdf
>
>
> Currently when an encryption zone (EZ) key is rotated, it only takes effect
> on new EDEKs. We should provide a way to re-encrypt EDEKs after the EZ key
> rotation, for improved security.