[openstack-dev] [Swift] Server Side Encryption

Gregory Holt z-launchpad at brim.net
Wed Nov 20 15:46:41 UTC 2013


On Nov 20, 2013, at 5:26 AM, David Hadas <DAVIDH at il.ibm.com> wrote:

> 
> Hi all,
> 
> We created a wiki page discussing the addition of software side encryption
> to Swift:
> "The general scheme is to create a swift proxy middleware that will encrypt
> and sign the object data during PUT and check the signature + decrypt it
> during GET. The target is to create two domains - the user domain between
> the client and the middleware where the data is decrypted and the system
> domain between the middleware and the data at rest (on the device) where
> the data is encrypted.
> Design goals include: (1) Extend swift as necessary but without changing
> existing swift behaviors and APIs; (2) Support encrypting data incoming
> from unchanged clients"
> 
> See:  https://wiki.openstack.org/wiki/Swift/server-side-enc
> We would like to invite feedback.

I'll bite, though I'm fairly sure I already know the response. Why all this complexity for what amounts to just encrypting data on disk in case the disk is stolen, lost, or reused? That's the only protection I see this providing and it would seem it could be achieved with a single cluster key stored only on the Swift proxy servers. All the rest seems like gyrations that provide no true additional benefit. If a client actually cares about having their data encrypted, they should encrypt it themselves and only they would keep the key.

> 
> DH
> 
> 
> Regards,
> David Hadas,
> Openstack Swift ATC, Architect, Master Inventor
> IBM Research Labs, Haifa
> Tel:    Int+972-4-829-6104
> Fax:   Int+972-4-829-6112
> 
> 
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
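
Added example, not part of either message and not Swift's own code: the encrypt-on-PUT, verify-and-decrypt-on-GET flow from the quoted proposal, using a single cluster key held only by the proxy as suggested in the reply. The class name, the dict standing in for the storage devices, AES-GCM from the `cryptography` package (one authenticated cipher covering both "encrypt" and "sign"), and the use of the object path as associated data are assumptions of this example.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit nonce, the size AES-GCM is designed around


class EncryptingProxy:
    """Hypothetical proxy-side layer; `backend` stands in for data at rest."""

    def __init__(self, cluster_key, backend):
        self._aead = AESGCM(cluster_key)  # key never leaves the proxy
        self.backend = backend            # system domain: only ciphertext here

    def put(self, path, plaintext):
        nonce = os.urandom(NONCE_LEN)     # fresh random nonce per object write
        # The object path is authenticated (not encrypted) so a blob copied
        # to another object name fails verification on GET.
        sealed = self._aead.encrypt(nonce, plaintext, path.encode())
        self.backend[path] = nonce + sealed

    def get(self, path):
        blob = self.backend[path]
        nonce, sealed = blob[:NONCE_LEN], blob[NONCE_LEN:]
        try:
            return self._aead.decrypt(nonce, sealed, path.encode())
        except InvalidTag:
            raise ValueError("integrity check failed for " + path) from None


def demo():
    """Run PUT/GET over constructed sample data and report what holds."""
    disk = {}
    proxy = EncryptingProxy(AESGCM.generate_key(bit_length=256), disk)
    name, body = "/v1/AUTH_demo/c/o1", b"constructed sample payload"
    proxy.put(name, body)
    report = {"roundtrip": proxy.get(name) == body,
              "plaintext_at_rest": body in disk[name]}
    # A stolen or reused disk is read without the proxy's key.
    other = EncryptingProxy(AESGCM.generate_key(bit_length=256), disk)
    try:
        other.get(name)
        report["readable_without_key"] = True
    except ValueError:
        report["readable_without_key"] = False
    return report


if __name__ == "__main__":
    print(demo())
```

Any request that goes through the proxy still receives plaintext, so this covers only the data-at-rest case; a real deployment would also need key storage and rotation, which the example leaves out.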



