You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since we must implement global HPKE keys for taskprov (or more precisely, task-independent HPKE configuration), we can consider doing away with task-specific HPKE keys entirely.
The main possible benefit is that we don't have to worry about per-task HPKE key rotation. It's more difficult to implement than for global HPKE keys, since we have to manage a set of keys for each discrete task. (Note that we could just never rotate a task HPKE and just let them age out).
Possible drawbacks:
The subscriber can never be in control over a global key. (i.e. they may want to choose different ciphers, but this could be mitigated by having a wide set of global keys using different ciphers to choose from).
Could have a large blast radius if a global key is compromised (although in the current architecture, if any report encryption key is leaked it's highly likely they're all compromised).
Spinning up janus from scratch is slightly more complicated, because the operator has to provision a global key after the database schema is applied.
The text was updated successfully, but these errors were encountered:
From discussion in https://isrg.slack.com/archives/C0167LT4C73/p1689871160489639?thread_ts=1689810185.430009&cid=C0167LT4C73.
Since we must implement global HPKE keys for taskprov (or more precisely, task-independent HPKE configuration), we can consider doing away with task-specific HPKE keys entirely.
The main possible benefit is that we don't have to worry about per-task HPKE key rotation. It's more difficult to implement than for global HPKE keys, since we have to manage a set of keys for each discrete task. (Note that we could just never rotate a task HPKE and just let them age out).
Possible drawbacks:
The text was updated successfully, but these errors were encountered: