Hi Andrey,

Andrey Ivanov wrote:
> Hi Noriko,
>
> I've read the changelog encryption design document. Indeed, it's a
> sound idea to make AD-389 replication more robust. I have two
> questions about it:
>
> * If I understand correctly you say that the server needs a
> certificate in order to generate the symmetric key. Is this key
> generated only once?

That is correct. If a wrapped symmetric key is not found in cn=changelog5,cn=config, the key is generated.

> I mean, if we change the expired server
> certificate it won't trigger the symmetric key regeneration?

That's tricky. If your changelog DB contains 2 sets of encrypted values -- one is encrypted with the expired cert, the other with the new cert -- it'd be hard to recover the old ones. Automation makes it happen more easily...

> * The replication changelog that contains the mixed entries
> (cleartext, encrypted 3DES, encrypted AES etc) - is it still readable
> by the server?

I don't think so. We should avoid it, too.

> Does each changelog entry contain a flag that describes
> whether the entry is cleartext/AES/3DES? Can the server "detect" in
> any other way whether the changelog entry is encrypted and if yes with
> what type of cipher?

The answer is no. Each value has no info about the type -- cleartext/AES/3DES.

Thanks for the questions, Andrey!
--noriko

--
389-devel mailing list
389-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-devel
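The two failure modes Noriko describes (a certificate change that regenerates the symmetric key and orphans older changelog values, and a changelog that mixes cleartext with encrypted values that carry no type marker) can be modelled in a few lines. The block below is an added illustration written for this page, not 389 Directory Server code or the design document's implementation: the real design wraps the key with the server certificate through NSS and encrypts values with 3DES or AES, whereas here a SHA-256 counter-mode keystream stands in for the cipher, a random byte string stands in for the certificate's private key, the `ChangelogKeyConfig` class and its `wrapped_key` attribute are hypothetical stand-ins for cn=changelog5,cn=config, and the changelog records are constructed sample values.

```python
"""
Toy model of the changelog-encryption key lifecycle discussed in the thread.
Constructed illustration, not 389 Directory Server code: the real design wraps
the symmetric key with the server certificate via NSS and encrypts values with
3DES/AES. Here a SHA-256 keystream stands in for the cipher and a random byte
string stands in for the certificate's private key.
"""
import hashlib
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream (toy cipher, no MAC)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_value(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext. As in the thread's design, the result carries
    no marker saying which cipher (or whether any cipher) produced it."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt_value(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt_value. A wrong key, or a cleartext value mistaken for
    ciphertext, yields garbage silently: nothing in the format can detect it."""
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


class ChangelogKeyConfig:
    """Hypothetical stand-in for cn=changelog5,cn=config holding the wrapped key."""

    def __init__(self) -> None:
        self.wrapped_key: Optional[bytes] = None  # hypothetical attribute name

    def get_or_create_key(self, cert_key: bytes) -> bytes:
        """Generate the symmetric key only once (when no wrapped key is stored);
        otherwise unwrap the stored one with the certificate key."""
        if self.wrapped_key is None:
            self.wrapped_key = encrypt_value(cert_key, secrets.token_bytes(32))
        return decrypt_value(cert_key, self.wrapped_key)

    def rewrap(self, old_cert_key: bytes, new_cert_key: bytes) -> None:
        """Certificate rotation done safely: keep the symmetric key, re-wrap it."""
        sym = decrypt_value(old_cert_key, self.wrapped_key)
        self.wrapped_key = encrypt_value(new_cert_key, sym)

    def regenerate(self, new_cert_key: bytes) -> bytes:
        """Certificate rotation done badly: drop the wrapped key so a fresh
        symmetric key is generated; older changelog values become unrecoverable."""
        self.wrapped_key = None
        return self.get_or_create_key(new_cert_key)


def simulate_rotation(rewrap: bool) -> Tuple[bytes, bytes]:
    """Encrypt a changelog value before a certificate change, then read it back
    after the change. Returns (original, recovered) so the caller can compare."""
    cfg = ChangelogKeyConfig()
    old_cert = secrets.token_bytes(32)
    new_cert = secrets.token_bytes(32)
    record = b"changenumber=1: replace userPassword"  # constructed sample value
    stored = encrypt_value(cfg.get_or_create_key(old_cert), record)
    if rewrap:
        cfg.rewrap(old_cert, new_cert)
        key_after = cfg.get_or_create_key(new_cert)
    else:
        key_after = cfg.regenerate(new_cert)
    return record, decrypt_value(key_after, stored)


def mixed_changelog_readable(key: bytes) -> bool:
    """Model the 'mixed cleartext and encrypted entries' case: decrypting a
    cleartext value with the key cannot fail, it just produces garbage, so the
    server has no way to tell the two kinds of value apart."""
    cleartext_entry = b"changenumber=2: add cn=old, dc=example"  # constructed
    return decrypt_value(key, cleartext_entry) == cleartext_entry


if __name__ == "__main__":
    for mode in (True, False):
        orig, got = simulate_rotation(rewrap=mode)
        print("rewrap" if mode else "regenerate", "->",
              "recovered" if got == orig else "lost")
    print("mixed changelog readable:", mixed_changelog_readable(secrets.token_bytes(32)))
```

The toy deliberately omits any format tag or integrity check so that it has the property Noriko describes: a value gives no indication of whether it is cleartext, or which cipher produced it, and decrypting with the wrong key fails silently. Re-wrapping the existing symmetric key under the new certificate (rather than regenerating it) is what keeps earlier changelog values recoverable across a certificate change; a per-value format identifier is what would let a server distinguish the formats in a mixed changelog.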