Add RFC 1005: Realm key rotation #5303

touilleMan · 2023-09-22T10:34:42Z

No description provided.

docs/rfcs/1005-realm-key-rotation.md

docs/rfcs/1005-realm-key-rotation/schema.excalidraw

docs/rfcs/1005-realm-key-rotation.md

FirelightFlagboy · 2023-10-10T09:14:00Z

General comment about the markdown format:

The headers that start with a number value e.g: ## 1 Foobar should have a separator (recommend using a carret - to be consistent).
I recommend that list item start with a capital and end with a point .:
```
- Foo bar.
- Foo do bar.
- Bar is Foo.
```

docs/rfcs/1005-realm-key-rotation.md

mmmarcos

Partial review (sections 1 and 2)

docs/rfcs/1005-realm-key-rotation.md

mmmarcos

More comments on section 2

docs/rfcs/1005-realm-key-rotation.md

touilleMan · 2023-10-26T10:39:52Z

docs/rfcs/1005-realm-key-rotation.md

+
+> **TODO:**
+>
+> The fields `encryption_algorithm` & `hash_algorithm` allows for future evolution.


A new RFC will be opened to discuss this

The idea is basically to modify file manifest to references the file blocks as (block_id, key_index, block_hash), this way all data using symmetric encryption will use the same key

Did you create an issue to trace the requirement of the new RFC ? (If you give me the requirement I could create it for you)

…SVG files

docs/rfcs/1005-realm-key-rotation.md

FirelightFlagboy · 2023-11-02T10:53:27Z

docs/rfcs/1005-realm-key-rotation.md

+To avoid being blocked by a workspace forever in maintenance (e.g. workspace owned by
+a single user that got revoked while it was re-encrypting it), we also provide a cli for
+removing realm vlobs (cannot remove a realm given it is related to certificates) or
+organization form the database.


This CLI already exist or do we need to add an issue tracking the need ?

this cli doesn't exist, but I think this is part of the key rotation implementation so no need for a specific issue for this for the moment

I've create the issue anyway (#5782), in the best case it would be merge with the implementation of the RFC

docs/rfcs/1005-realm-key-rotation.md

FirelightFlagboy assigned touilleMan Sep 22, 2023

FirelightFlagboy reviewed Sep 22, 2023

View reviewed changes

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

FirelightFlagboy reviewed Sep 22, 2023

View reviewed changes

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

FirelightFlagboy reviewed Sep 22, 2023

View reviewed changes

FirelightFlagboy linked an issue Sep 25, 2023 that may be closed by this pull request

Design strategy for data migration (RFC) #5350

Closed

touilleMan force-pushed the rfc-realm-key-rotation branch 4 times, most recently from 5ac101a to ed6bf70 Compare October 4, 2023 12:09

touilleMan force-pushed the rfc-realm-key-rotation branch from ed6bf70 to 1a82f37 Compare October 5, 2023 07:54

FirelightFlagboy reviewed Oct 9, 2023

View reviewed changes

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

docs/rfcs/1005-realm-key-rotation.md Show resolved Hide resolved

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

touilleMan force-pushed the rfc-realm-key-rotation branch 3 times, most recently from b73999d to 1c22618 Compare October 9, 2023 10:42

FirelightFlagboy reviewed Oct 9, 2023

View reviewed changes

docs/rfcs/1005-realm-key-rotation/schema.excalidraw Outdated Show resolved Hide resolved

touilleMan force-pushed the rfc-realm-key-rotation branch 3 times, most recently from 94e67a1 to c87d745 Compare October 9, 2023 21:36

FirelightFlagboy marked this pull request as ready for review October 10, 2023 07:06

FirelightFlagboy reviewed Oct 10, 2023

View reviewed changes

TimeEngineer suggested changes Oct 11, 2023

View reviewed changes

docs/rfcs/1005-realm-key-rotation.md Outdated Show resolved Hide resolved

TimeEngineer reviewed Oct 11, 2023

View reviewed changes