DOCSP-38147 "Choosing an In Use Encryption Approach" crypto team review (#7058)

* New topic, TOC update, refs

* TOC and link restructuring to move limitations topics up

* Fixed drawer page

* Shorter title

* Title fixes

* Added stub headings

* Stub headings

* More topic structure

* Copied language on implementation considerations to main QE and CSFLE topics

* Typo fix

* Reordered headings

* Fixed heading level

* Parallel wording

* Reorder

* Fixed ref typo

* Removed unused stubs and links to them

* Added draft language for security considerations

* Added link for client-side schema enforcement

* Updated image

* Internal PR feedback

Co-authored-by: Ashley Brown <98361885+mdb-ashley@users.noreply.github.com>

* Internal PR feedback

Co-authored-by: Ashley Brown <98361885+mdb-ashley@users.noreply.github.com>

* Internal PR feedback

Co-authored-by: Ashley Brown <98361885+mdb-ashley@users.noreply.github.com>

* Rebuild

* Updated CSFLE features topic to use same image

* Updated image

* Image update

* Image update

* Removed ambiguous/misleading statement about CSFLE being a mature security product

* Some re-wording of the term implementation

* Consolidated some limitations for brevity

* Split bullet

* Changed the order of some statements to move important info up

* Reverted image to master

---------

Co-authored-by: Ashley Brown <98361885+mdb-ashley@users.noreply.github.com>

Author: nvillahermosa-mdb

snooty.toml

@@ -78,6 +78,7 @@ toc_landing_pages = [
    "/core/kerberos",
    "/core/map-reduce",
    "/core/queryable-encryption/",
+   "/core/queryable-encryption/about-qe-csfle",
    "/core/queryable-encryption/fundamentals/keys-key-vaults",
    "/core/queryable-encryption/fundamentals/",
    "/core/queryable-encryption/overview-enable-qe",

source/core/csfle.txt

@@ -29,6 +29,17 @@ You can set up {+csfle-abbrev+} using the following mechanisms:
   specify the logic for encryption with this library throughout your
   application.
 
+Considerations
+--------------
+
+When implementing an application that uses {+csfle+}, consider the points listed in :ref:`Security Considerations <qe-csfle-security-considerations>`.
+
+For limitations, see :ref:`{+csfle-abbrev+} limitations
+<csfle-reference-encryption-limits>`.
+
+Compatibility
+~~~~~~~~~~~~~
+
 The following table shows which MongoDB server products support which {+csfle-abbrev+}
 mechanisms:
 
@@ -97,13 +108,11 @@ To learn how to perform specific tasks with {+csfle-abbrev+}, see the
 Reference
 ---------
 
-To view information to help you develop your {+csfle-abbrev+} enabled applications,
-see the :ref:`csfle-reference` section.
+To learn about encryption key management, read :ref:`qe-reference-keys-key-vaults`.
 
-The reference section contains the following pages:
+For more information about developing your {+csfle-abbrev+}-enabled applications,
+see the :ref:`csfle-reference` section, which contains the following pages:
 
-- :ref:`csfle-compatibility-reference`
-- :ref:`csfle-reference-encryption-limits`
 - :ref:`csfle-reference-encryption-schemas`
 - :ref:`csfle-reference-server-side-schema`
 - :ref:`csfle-reference-automatic-encryption-supported-operations`

source/core/csfle/features.txt

@@ -124,7 +124,7 @@ Comparison of Features
 The following diagram lists security features MongoDB supports
 and the potential security vulnerabilities that they address:
 
-.. image:: /images/CSFLE_Security_Feature_Chart.png
+.. image:: /images/QE_Security_Feature_Chart.png
    :alt: Diagram that describes MongoDB security features and the potential vulnerabilities that they address
 
 .. important:: Use the Mechanisms Together

source/core/csfle/fundamentals.txt

@@ -12,7 +12,9 @@ Fundamentals
    :depth: 2
    :class: singlecol
 
-Read the following sections to learn how {+csfle+} works and how to use it:
+To learn about encryption key management, read :ref:`qe-reference-keys-key-vaults`.
+
+To learn how {+csfle+} works and how to use it, read the following sections:
 
 - :ref:`csfle-fundamentals-automatic-encryption`
 - :ref:`csfle-fundamentals-manual-encryption`

source/core/csfle/reference.txt

@@ -15,7 +15,6 @@ Reference
 Read the following sections to learn about components
 of the {+csfle+} ({+csfle-abbrev+}) feature:
 
-- :ref:`csfle-reference-encryption-limits`
 - :ref:`csfle-reference-encryption-schemas`
 - :ref:`csfle-reference-server-side-schema`
 - :ref:`csfle-reference-automatic-encryption-supported-operations`
@@ -30,7 +29,6 @@ of the {+csfle+} ({+csfle-abbrev+}) feature:
 .. toctree::
    :titlesonly:
 
-   /core/csfle/reference/limitations
    /core/csfle/reference/encryption-schemas
    /core/csfle/reference/server-side-schema
    /core/csfle/reference/supported-operations

source/core/csfle/reference/limitations.txt

@@ -1,3 +1,6 @@
+.. meta::
+   :keywords: CSFLE, in-use encryption, security, supported operations
+
 .. _csfle-reference-encryption-limits:
 
 =================
@@ -12,6 +15,13 @@ CSFLE Limitations
    :depth: 1
    :class: singlecol
 
+Overview
+--------
+Consider these limitations and restrictions before you enable {+csfle-abbrev+}.
+Some operations are unsupported, and others behave differently.
+
+For compatibility limitations, see :ref:`<qe-csfle-compatibility>`.
+
 Read and Write Operation Support
 --------------------------------
 

source/core/queryable-encryption.txt

@@ -56,6 +56,12 @@ You can set up {+qe+} using the following mechanisms:
 Considerations
 --------------
 
+When implementing an application that uses {+qe+}, consider the points listed
+in :ref:`Security Considerations <qe-csfle-security-considerations>`.
+
+For other limitations, see :ref:`{+qe+} limitations
+<qe-reference-encryption-limits>`.
+
 Compatibility
 ~~~~~~~~~~~~~
 
@@ -112,16 +118,16 @@ To start using {+qe+}, see the :ref:`<qe-quick-start>`.
 Fundamentals
 ------------
 
-To learn how {+qe+} works and how to set it up, see the
-:ref:`<qe-fundamentals>` section.
+To learn about encryption key management, see :ref:`qe-reference-keys-key-vaults`.
 
-The fundamentals section contains the following pages:
+To learn how {+qe+} works, see the :ref:`<qe-fundamentals>` section,
+which contains the following pages:
 
 - :ref:`qe-fundamentals-encrypt-query`
+- :ref:`qe-create-encryption-schema`
 - :ref:`qe-fundamentals-collection-management`
-- :ref:`qe-reference-keys-key-vaults`
+- :ref:`qe-fundamentals-manual-encryption`
 - :ref:`qe-fundamentals-manage-keys`
-- :ref:`qe-fundamentals-kms-providers`
 
 Tutorials
 ---------
@@ -137,12 +143,8 @@ see the :ref:`qe-reference` section.
 
 The reference section contains the following pages:
 
-- :ref:`qe-compatibility-reference`
-- :ref:`qe-reference-encryption-limits`
 - :ref:`qe-reference-automatic-encryption-supported-operations`
 - :ref:`qe-reference-mongo-client`
-- :ref:`qe-csfle-install-library`
-- :ref:`qe-reference-libmongocrypt`
 
 .. toctree::
    :titlesonly:

source/core/queryable-encryption/about-qe-csfle.txt

@@ -30,11 +30,84 @@ to encrypt data before transporting it over the network. Sensitive data is
 transparently encrypted and decrypted by the client and only
 communicated to and from the server in encrypted form.
 
-For more information, see :ref:`{+qe+} Features <qe-features>` and 
+To compare features in detail, see :ref:`{+qe+} Features <qe-features>` and 
 :ref:`{+csfle-abbrev+} Features <csfle-features>`.
 
+Considerations
+--------------
+
+When implementing and application that uses {+qe+} or {+csfle-abbrev+}, review
+the security considerations in this section.
+
+For the limitations of each approach, see :ref:`{+qe+} limitations
+<qe-reference-encryption-limits>` or :ref:`{+csfle-abbrev+} limitations
+<csfle-reference-encryption-limits>`.
+
+For MongoDB server and driver version compatibility, see :ref:`Compatibility
+<qe-csfle-compatibility>`.
+
+.. _qe-csfle-security-considerations:
+
+Security Considerations
+~~~~~~~~~~~~~~~~~~~~~~~
+
+* {+csfle-abbrev+} and {+qe+} do not provide any cryptographic integrity
+  guarantees against adversaries with access to your {+cmk-long+},
+  {+dek-long+}s.
+  
+* {+csfle-abbrev+} and {+qe+} do not provide any cryptographic integrity
+  guarantees against adversaries with arbitrary write access to collections
+  containing encrypted data.
+ 
+* MongoDB uses :ref:`schema validation <schema-validation-overview>` to enforce
+  encryption of specific fields in a collection. Without a client-side schema,
+  the client downloads the server-side schema for the collection to determine 
+  which fields to encrypt. To avoid this issue, use client-side schema validation.
+  
+  Because {+csfle-abbrev+} and {+qe+} do not provide a mechanism to verify
+  the integrity of a schema, relying on a server-side schema means
+  trusting that the server's schema has not been tampered with. If an adversary
+  compromises the server, they can modify the schema so that a previously
+  encrypted field is no longer labeled for encryption. This causes the client 
+  to send plaintext values for that field.
+
+  For an example of {+csfle-abbrev+} configuration for client and server-side
+  schemas, see :ref:`CSFLE Server-Side Field Level Encryption Enforcement <field-level-encryption-automatic-remote-schema>`.
+
+
+Using {+qe+} and {+csfle-abbrev+}
+------------------------------------------------------------------------
+
+You can use {+qe+}, {+csfle+}, or both in your application. However,
+you can't use both approaches in the same collection. 
+
+Consider using {+qe+} in the following scenarios: 
+
+- You are developing a new application and want to use the latest
+  cryptographic advancements from MongoDB.
+- You expect users to run ranged, prefix, suffix, or substring queries
+  against encrypted data.
+- Your application can use a single key for a given field, rather than
+  requiring separate keys on a per-user or per-tenant basis.
+- You value read performance over storage requirements. {+qe+} generates 
+  internal :ref:`metadata collections <qe-metadata-collections>` and 
+  indexes to improve query performance. As a result, a collection
+  encrypted with {+qe+} uses 2-4 times the storage space that it would
+  if it were plaintext or encrypted with {+csfle-abbrev+}.
+
+There are situations where {+csfle-abbrev+} may be a preferable solution:
+
+- Your application already uses {+csfle-abbrev+}.
+- You need to use different keys for the same field. This is commonly 
+  encountered when separating tenants or using user-specific keys.
+- You need to be flexible with your data schema and potentially add more
+  encrypted fields. Adding encrypted fields for {+qe+}
+  requires rebuilding metadata collections and indexes.
+- The increased storage requirements of {+qe+} are a concern.
+
 Querying Encrypted Fields
 ~~~~~~~~~~~~~~~~~~~~~~~~~
+
 {+qe+} supports equality queries on encrypted fields. 
 Support for ranged queries is upcoming, and support for prefix, suffix, 
 and substring queries with {+qe+} is under development.
@@ -76,44 +149,6 @@ field has very few values, like sex, then attackers can reasonably guess
 them and use that information to help to decipher the cryptographic 
 algorithm.
 
-Using {+qe+} and {+csfle-abbrev+}
-------------------------------------------------------------------------
-You can use {+qe+}, {+csfle+}, or both in your application. However,
-you can't use both approaches in the same collection. 
-
-Consider using {+qe+} in the following scenarios: 
-
-- You are developing a new application and want to use the latest
-  cryptographic advancements from MongoDB.
-- You expect users to run ranged, prefix, suffix, or substring queries
-  against encrypted data.
-- Your application can use a single key for a given field, rather than
-  requiring separate keys on a per-user or per-tenant basis.
-- You value read performance over storage requirements. {+qe+} generates 
-  internal :ref:`metadata collections <qe-metadata-collections>` and 
-  indexes to improve query performance. As a result, a collection
-  encrypted with {+qe+} uses 2-4 times the storage space that it would
-  if it were plaintext or encrypted with {+csfle-abbrev+}.
-
-There are situations where {+csfle-abbrev+} may be a preferable solution:
-
-- Your application already uses {+csfle-abbrev+}.
-- You need to use different keys for the same field. This is commonly 
-  encountered when separating tenants or using user-specific keys.
-- You need to be flexible with your data schema and potentially add more
-  encrypted fields. Adding encrypted fields for {+qe+}
-  requires rebuilding metadata collections and indexes.
-- The increased storage requirements of {+qe+} are a concern.
-- Your company or industry prefers mature products over emerging
-  technologies.
-
-Compatibility
-~~~~~~~~~~~~~
-{+qe+} and {+csfle+} are compatible with different MongoDB server and
-driver versions. Both {+qe+} and {+csfle-abbrev+} are supported for the 
-foreseeable future. For details, see :ref:`Compatibility
-<qe-csfle-compatibility>`.
-
 Private Querying
 ~~~~~~~~~~~~~~~~
 
@@ -123,18 +158,12 @@ With {+qe+}, private querying goes a step further and redacts logs and
 metadata to scrub information around the query's existence. This ensures 
 stronger privacy and confidentiality.
 
-Limitations
-~~~~~~~~~~~
-
-For the limitations of each approach, see :ref:`{+qe+} limitations
-<qe-reference-encryption-limits>` or :ref:`{+csfle-abbrev+} limitations
-<csfle-reference-encryption-limits>`.
-
 Choosing Between Automatic and {+manual-enc-title+}
 ---------------------------------------------------------
 
 Using Automatic Encryption
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
+
 We recommend automatic encryption in most situations, as it streamlines
 the process of writing your client application. With automatic
 encryption, MongoDB automatically encrypts and decrypts fields in read
@@ -146,4 +175,11 @@ Using {+manual-enc-title+}
 .. include:: /includes/queryable-encryption/qe-csfle-manual-enc-overview.rst
 
 For details, see :ref:`{+manual-enc-title+} with {+qe+}
-<qe-fundamentals-manual-encryption>` or :ref:`{+manual-enc-title+} with {+csfle-abbrev+} <csfle-fundamentals-manual-encryption>`.
+<qe-fundamentals-manual-encryption>` or :ref:`{+manual-enc-title+} with
+{+csfle-abbrev+} <csfle-fundamentals-manual-encryption>`.
+
+.. toctree::
+   :titlesonly:
+
+   /core/queryable-encryption/reference/limitations
+   /core/csfle/reference/limitations

source/core/queryable-encryption/fundamentals.txt

@@ -12,7 +12,9 @@ Fundamentals
    :depth: 2
    :class: singlecol
 
-Read the following sections to learn how {+qe+} works and how to use it:
+To learn about encryption key management, read :ref:`qe-reference-keys-key-vaults`.
+
+To learn how {+qe+} works and how to use it, read the following sections:
 
 - :ref:`qe-fundamentals-encrypt-query`
 - :ref:`qe-create-encryption-schema`

source/core/queryable-encryption/reference.txt

@@ -15,13 +15,11 @@ Reference
 Read the following sections to learn about components
 of {+qe+}:
 
-- :ref:`qe-reference-encryption-limits`
 - :ref:`qe-reference-automatic-encryption-supported-operations`
 - :ref:`qe-reference-mongo-client`
 
 .. toctree::
    :titlesonly:
 
-   /core/queryable-encryption/reference/limitations
    /core/queryable-encryption/reference/supported-operations
    /core/queryable-encryption/reference/qe-options-clients