[
https://issues.apache.org/jira/browse/ACCUMULO-980?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13569035#comment-13569035
]
Keith Turner commented on ACCUMULO-980:
---------------------------------------
Are you considering rekeying? I.e. encrypt new files key with new key and read
old files key with an older key.
Do you have any thoughts on key management? I was thinking that each tablet
could have a key. The tablets key is encrypted with the table key. The tablet
key is used to encrypt/decrypt file keys. A tablet never has to know the
table key, it could ask a centralized service to decrypt its tablet key using
the table key. Using this method, the table key would only need to be held in
memory on one machine.
> support pluggable codecs for RFile
> ----------------------------------
>
> Key: ACCUMULO-980
> URL: https://issues.apache.org/jira/browse/ACCUMULO-980
> Project: Accumulo
> Issue Type: Improvement
> Reporter: Adam Fuchs
> Assignee: Adam Fuchs
> Fix For: 1.6.0
>
> Attachments: RFile-Changes-Proposal-V1.pdf
>
>
> As part of the encryption at rest story, RFile should support pluggable
> modules where it currently has hardcoded options for compression codecs. This
> is a natural place to add encryption capabilities, as the cost of encryption
> would likely not be significantly different from the cost of compression, and
> the block-level integration should maintain the same seek and scan
> performance. Given the many implementation options for both encryption and
> compression, it makes sense to have a plugin structure here.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
