Darren J Moffat
2006-Mar-08 09:40 UTC
[zfs-crypto-discuss] Re: [osol-discuss] Re: Can we consider ZFS to be production ready now ?
UNIX admin wrote:>> Depends on your definition of soon when it comes to >> the crypto >> support. There is no funded and agreed on roadmap >> yet even though >> the project exists in opensolaris.org land. > > If there is one essential feature that ZFS currently lacks, I believe that feature would be encryption.Adding crypto to ZFS isn''t that hard once we have IEEE 1619 mode (AES LRW) implemented in the crypto framework aes module(s). Dealing with the key management is very hard because thats the critical bit to making it both usable and secure. Note that ZFS has been designed with encryption in mind from way before the first ZFS bits ever integrated into ONNV (and thus OpenSolaris). There are "reserved" areas in all of the relevant on disk structures for this. ZFS with crypto support will be able to be added to an existing system once it is released. Initially though only new file systems will be able to benefit from crypto (unlike changing the compression algorithm). -- Darren J Moffat