Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding/removing a Dimension from the Policy will deprecate all previously issued keys and ciphers #121

Open
ackRow opened this issue Dec 5, 2023 · 1 comment
Open

Adding/removing a Dimension from the Policy will deprecate all previously issued keys and ciphers #121

ackRow opened this issue Dec 5, 2023 · 1 comment

Comments

@ackRow
Copy link
Contributor

ackRow commented Dec 5, 2023
edited
Loading

Modifying the number of dimensions inside a Policy will change how we compute the subkeys coordinates (previously named Partitions) so that there is no way to match previous subkeys with the new ones.

One will need to re-generate all keys and re-encrypt all documents...
@ackRow
Copy link
Contributor Author

ackRow commented Dec 5, 2023
edited
Loading

Attribute additions or deletions inside existing Dimension also have their own edge-cases:

  • Removing an Attribute will make user keys decrypting for this Attribute useless => should we delete the keys automatically in the KMS?

  • Removing the last Attribute from a Dimension will lead to the problem of Dimension removal

  • Should we add new Attribute access to an old User Key if its initial AccessPolicy would have matched it (e.g. *)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ackRow