Service support for TDFs without KAOs is confusing and results in lots of installation pain #1273
Comments
github-merge-queue bot
pushed a commit
that referenced
this issue
Aug 9, 2024
- Changes 'default' behavior of `legacy` field to be true if none are specified - This feature is a performance optimization for some imagined future when all 'new' TDFs are created with KIDs in their KAOs. We are not there yet. - Resolves #1273
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current 'keyring' configuration object requires specifying keys twice, once for 'current' keys and again for 'legacy kidless lookup' keys. Since most clients don't yet support key identifiers (e.g. nanoTDF support hasn't been merged (yet?)), this is an optimization without a purpose.
The default KAS behavior should be to look at all keys if the KID is missing. We can later optimize if this becomes a performance issue
The text was updated successfully, but these errors were encountered: