Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)

On Thu, Jul 11, 2019 at 12:18:47AM +0200, Tomas Vondra wrote:
> On Wed, Jul 10, 2019 at 06:04:30PM -0400, Stephen Frost wrote:
> > Greetings,
> >
> > * Tomas Vondra (tomas.vondra@2ndquadrant.com) wrote:
> > > On Wed, Jul 10, 2019 at 04:11:21PM -0400, Alvaro Herrera wrote:
> > > >On 2019-Jul-10, Bruce Momjian wrote:
> > > >
> > > >>Uh, what if a transaction modifies page 0 and page 1 of the same table
> > > >>--- don't those pages have the same LSN.
> > > >
> > > >No, because WAL being a physical change log, each page gets its own
> > > >WAL record with its own LSN.
> > > >
> > >
> > > What if you have wal_log_hints=off? AFAIK that won't change the page LSN.
> >
> > Alvaro suggested elsewhere that we require checksums for these, which
> > would also force wal_log_hints to be on, and therefore the LSN would
> > change.
> >
>
> Oh, I see - yes, that would solve the hint bits issue. Not sure we want
> to combine the features like this, though, as it increases the costs of
> TDE. But maybe it's the best solution.

Uh, why can't we just force log_hint_bits for encrypted tables?  Why
would we need to use checksums as well?

Why is page-number not needed in the nonce?  Because it is duplicative
of the LSN?  Can we use just LSN?  Do we need pg_class.oid too?

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +