jackye1995 commented on issue #1805: URL: https://github.com/apache/iceberg/issues/1805#issuecomment-731642674
I remember based on the last discussion, the conclusion is to stick with the v2 client and not split out another v1 client to have a clean dependency, please let me know if we would like the v1 client discussion to be back on the table. I briefly considered client side encryption when starting the aws module, and the existing Iceberg encryption interface looks good enough for implementing the features in the encryption libraries. There can be a `S3EncryptionManager`, and the data can be read and written by extending the current `S3InputFile` and `S3OutputFile`. The MAC calculation is sometimes used by plain S3 IO as well, so I think it can be a separated discussion. And let me also ask about this directly with the team and come back with a reply for their v2 client support. I have 2 question for you: 1. there are two S3 client side encryption libraries, the [AmazonS3EncryptionV2](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html) and [the AWS Encryption SDK](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html). They are also not compatible with each other. Just to make sure, which library (or both?) would you like to support? 2. You mentioned "user seems to be implementing the AES GCM and then switching to unauthenticated CTR on seeks on their own", could you elaborate more on this so I fully understand the context of your use case? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
