Darren J Moffat
2006-Mar-10 10:43 UTC
[zfs-crypto-discuss] Re: [osol-discuss] Re: Re: Can we consider ZFS to be production ready now ?
UNIX admin wrote:>> Adding crypto to ZFS isn''t that hard once we have >> IEEE 1619 mode >> (AES LRW) implemented in the crypto framework aes >> module(s). >> >> Dealing with the key management is very hard because >> thats the critical >> bit to making it both usable and secure. > > (Scratching head) > If I had to solve this problem, I''d say that encryption could be implemented relatively painlessly using lofs(7FS). This approach seems the most elegant to me. Has this been considered?That solves a slightly different problem and gets you different results. It certainly has been considered and it may still happen as a complementary offering. It has actually been done before on Solaris and Linux as a research project - I don''t have the reference to hand. However it doesn''t in the slightest change the key management problem, in fact it might in some cases make it worse. -- Darren J Moffat
Reasonably Related Threads
- brtfs on Solaris? (Re: [osol-discuss] [indiana-discuss] So when are we gonna fork this sucker?)
- Re: [osol-discuss] Possibility to change GUID zfs pool at import
- [Fwd: [osol-discuss] SVOSUG - This Thurs, August 24, Sunay Tripathi presents Crossbow 7:30pm SCA03]
- [osol-discuss] Re: bare metal ZFS ? How To ?
- dtrace-discuss Digest, Vol 80, Issue 6