Accumulo, mail # dev - ACCUMULO-958 - Pluggable encryption in walogs


Josh Elser 2013-01-30, 14:13
All,

It's been a few days and I haven't seen much chatter at all on
ACCUMULO-958 [1] since the patch was applied. There are a couple of
concerns I have that I definitely want to see addressed before a 1.5.0
release.

- It worries me that the provided patch is fail-open (when we can't load
the configured encryption strategies/modules, we don't decrypt anything).
I think for a security-minded database, we should probably be defaulting
to fail-close; but, that brings up an issue, what happens when we can't
encrypt a WAL? Do minor compactions fail gracefully? What does Accumulo do?

- John said he had been reviewing the patch before he applied it; it
bothers me that there was a version of this patch that had been reviewed
privately for some amount of time when we had already pushed back the
feature freeze date by a week waiting for features that weren't done.

- The author noted himself with the deprecation of the CryptoModule
interface that "we anticipate changing [this] in non-backwards
compatible ways as we explore requirements for encryption in
Accumulo...". This tells me that implementation of WAL encryption
overall hasn't been properly thought out.

Given all of this, it gives me great pause to knowingly include this
patch into a 1.5.0 release. I see no signs that this has been truly
thought out, there is no default provided encryption strategy for 1.5.0
with this patch for the WAL and there is still no support at all for
RFile encryption (no end-to-end Accumulo encryption for a user). All of
these issues considered make me believe that this is an incomplete
feature that is not ready for an Apache Accumulo release.

Thoughts?

- Josh

[1] https://issues.apache.org/jira/browse/ACCUMULO-958
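
The fail-open versus fail-closed distinction raised in the first bullet of the message above, as an added example that is not part of the original message and is not Accumulo code. Every name in it (`WalCipher`, `NullCipher`, `loadFailOpen`, `loadFailClosed`, the `com.example.MissingCipher` class name) is hypothetical.

```java
import java.util.Optional;

// Added illustration, not Accumulo code. All names here are hypothetical.
public class WalCryptoLoading {
    /** Hypothetical stand-in for a pluggable write-ahead-log encryption module. */
    public interface WalCipher {
        byte[] encrypt(byte[] plaintext);
        byte[] decrypt(byte[] ciphertext);
    }

    /** Pass-through, legitimate only when no encryption is configured at all. */
    static final class NullCipher implements WalCipher {
        public byte[] encrypt(byte[] p) { return p; }
        public byte[] decrypt(byte[] c) { return c; }
    }

    private static WalCipher instantiate(String name) throws ReflectiveOperationException {
        return Class.forName(name).asSubclass(WalCipher.class)
                .getDeclaredConstructor().newInstance();
    }

    // Fail-open: a typo or a missing jar silently downgrades to the pass-through,
    // so logs are written in plaintext and encrypted logs are read back undecrypted.
    static WalCipher loadFailOpen(Optional<String> configured) {
        if (!configured.isPresent()) return new NullCipher();
        try {
            return instantiate(configured.get());
        } catch (ReflectiveOperationException | ClassCastException e) {
            System.err.println("WARN: cannot load " + configured.get() + ", continuing");
            return new NullCipher();
        }
    }

    // Fail-closed: an operator who asked for encryption never gets less than that;
    // the caller must decide what to do when the log cannot be opened.
    static WalCipher loadFailClosed(Optional<String> configured) {
        if (!configured.isPresent()) return new NullCipher();
        try {
            return instantiate(configured.get());
        } catch (ReflectiveOperationException | ClassCastException e) {
            throw new IllegalStateException("configured WAL cipher "
                    + configured.get() + " could not be loaded; refusing to open log", e);
        }
    }

    public static void main(String[] args) {
        Optional<String> cfg = Optional.of("com.example.MissingCipher"); // constructed value
        System.out.println("fail-open   -> " + loadFailOpen(cfg).getClass().getSimpleName());
        try { loadFailClosed(cfg); }
        catch (IllegalStateException e) { System.out.println("fail-closed -> " + e.getMessage()); }
    }
}
```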