Gregory Holt <z-launch...@brim.net> wrote on 20/11/2013 05:46:41 PM: > From: Gregory Holt <z-launch...@brim.net> > To: "OpenStack Development Mailing List (not for usage questions)" > <openstack-dev@lists.openstack.org>, > Date: 20/11/2013 05:49 PM > Subject: Re: [openstack-dev] [Swift] Server Side Encryption > > On Nov 20, 2013, at 5:26 AM, David Hadas <dav...@il.ibm.com> wrote: > > > > > Hi all, > > > > We created a wiki page discussing the addition of software side encryption > > to Swift: > > "The general scheme is to create a swift proxy middleware that will encrypt > > and sign the object data during PUT and check the signature + decrypt it > > during GET. The target is to create two domains - the user domain between > > the client and the middleware where the data is decrypted and the system > > domain between the middleware and the data at rest (on the device) where > > the data is encrypted. > > Design goals include: (1) Extend swift as necessary but without changing > > existing swift behaviors and APIs; (2) Support encrypting data incoming > > from unchanged clients" > > > > See: https://wiki.openstack.org/wiki/Swift/server-side-enc > > We would like to invite feedback. > > I'll bite, though I'm fairly sure I already know the response. Why > all this complexity for what amounts to just encrypting data on disk > in case the disk is stolen, lost, or reused? That's the only > protection I see this providing and it would seem it could be > achieved with a single cluster key stored only on the Swift proxy > servers. All the rest seems like gyrations that provide no true > additional benefit. If a client actually cares about having their > data encrypted, they should encrypt it themselves and only they > would keep the key. >
A couple of reasons: -- improve re-keying by having a hierarchy -- finer grain control on encryption, e.g., per account (the objective is not just to protect against disks walking away). No argument, best security is client side encryption. This said, there seems to be a need for tenant-controlled, server side encryption, based both upon what is offered by other services and discussions I have had with users.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev