XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: 8.0 Required
Affects Version/s: None
Component/s: Queryable Encryption
Labels:
- range-ga
- server-rapid-response

Assigned Teams:

Server Security
Backport Requested:

v8.0
Sprint:
Security 2024-07-08

Scope

Ignore placeholder fields for encryption parameters ("min", "max", "trimFactor", "sparsity", and "precision") in the QE range payloads:

FLE2InsertUpdatePayloadV2
FLE2FindRangePayloadV2

For consistency with other single-letter fields, consider using short field names:

"min" as "mi"
"max" as "ma",
"trimFactor" as "tf",
"sparsity" as "s"
"precision" as "p"

Alternatively: accept all extra fields. Set strict to false in the IDL (example).

Background & Motivation

Placeholders may enable future safeguards proposed in SERVER-91887 without requiring new V3 payloads (8.0 servers can ignore the fields). Local testing suggests the server rejects unrecognized fields in the payloads: "BSON field 'root.foo' is an unknown field".

has to be done before

SERVER-91887 Reject mismatched parameters in QE payloads

Needs Scheduling

is depended on by

MONGOCRYPT-705 Send encryption parameters in QE range payloads

Blocked

Assignee:: Mark Benvenuto

Reporter:: Kevin Albertson

Participants:: Kevin Albertson, Mark Benvenuto

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: Jun 26 2024 08:26:43 PM UTC

Updated:: Jul 05 2024 02:17:12 PM UTC

Details

Description

Scope

Background & Motivation

Attachments

Issue Links

Activity

People

Dates