We will remove the keyring trace from the AWS Encryption SDK specification
and affected implementations
because we have determined that existing and better-defined parts of
the AWS Encryption SDK framework provide better solutions
to the problems that we intended the keyring trace to solve.
Motivation
We added the keyring trace with the anticipation that it would be a useful tool
to make assertions about what keyrings did to encryption and decryption materials.
However, we never defined how callers should interact with the keyring trace.
Before adding keyrings to additional implementations beyond C and Javascript,
we re-evaluated how callers should interact with the keyring trace
and came to the conclusion that they should not.
We determined that the keyring trace is unnecessary
because all expected use-cases are better solved either
by making keyrings that are correct by construction
or by proactively checking requirements before invoking keyrings.
We had considered adding failure information to the keyring trace,
but upon reviewing the capabilities that we would want in
a tool to communicate failure information,
we came to the conclusion that the keyring trace does not meet those requirements
and that a purpose-built solution will solve that problem better
than retrofitting failure information onto the keyring trace.
Out of Scope
The design for keyring failure communication is out of scope.
That feature is tracked separately.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Primary Issue
resolves: #97 resolves: #95 resolves: #70 resolves: #78 resolves: #39 resolves: #32 resolves: https://github.com/aws/aws-encryption-sdk-javascript/issues/18 resolves: https://github.com/aws/aws-encryption-sdk-python/issues/181
Summary
We will remove the keyring trace from the AWS Encryption SDK specification and affected implementations because we have determined that existing and better-defined parts of the AWS Encryption SDK framework provide better solutions to the problems that we intended the keyring trace to solve.
Motivation
We added the keyring trace with the anticipation that it would be a useful tool to make assertions about what keyrings did to encryption and decryption materials. However, we never defined how callers should interact with the keyring trace. Before adding keyrings to additional implementations beyond C and Javascript, we re-evaluated how callers should interact with the keyring trace and came to the conclusion that they should not. We determined that the keyring trace is unnecessary because all expected use-cases are better solved either by making keyrings that are correct by construction or by proactively checking requirements before invoking keyrings. We had considered adding failure information to the keyring trace, but upon reviewing the capabilities that we would want in a tool to communicate failure information, we came to the conclusion that the keyring trace does not meet those requirements and that a purpose-built solution will solve that problem better than retrofitting failure information onto the keyring trace.
Out of Scope
The design for keyring failure communication is out of scope. That feature is tracked separately.
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.