For ZFS crypto I want to be able to force (at data set create time) the checksum property to have a value of sha256 (actually it might end up being hmac-sha256 but thats not so relevant here) when the encryption property is set to any of the ''on'' values. I would rather not have the user get the dataset into a situation where they are using fletcher but have encryption on; if you are doing encryption you really want to be using a cryptographically strong checksum (as I said above it may end up being hmac-sha256 rather than vanilla sha256). The encryption property will (at least in the initial phase) will be like the new properties being introduced for CIFS, that is they will be able to be set at create time only and will be read-only after that. Having a relationship between the encryption property and checksum one means that we also need to make the checksum property read-only (at least while there is only one cryptographically strong checksum choice). Does this sound reasonable or a bad idea ? -- Darren J Moffat