On Fri, 2006-07-14 at 07:03, Darren J Moffat wrote:
> The current plan is that encryption must be turned on when the file 
> system is created and can't be turned on later.  This means that the 
> zfs-crypto work depends on the RFE to set properties at file system 
> creation time.
> 
> You also won't be able to turn crypto off for a given filesystem later 
> (because you won't know when all the data is back in the clear again and 
> you can safely destroy the key).

So, I'd think that, in the fullness of time, you'd want some sort of
mechanism for graceful key roll-over -- i.e., you'd set a new key,
migrate existing data encrypted using the old key to the new key, then
forget the old key; the whole point of keyed cryptography is that the
key is kept both small (so it can more easily remain secret) AND
changeable.

Perhaps this needs additional infrastructure from ZFS to move/reallocate
already-allocated blocks, but I'd think that infrastructure would also
be useful for the "pool shrink" RFE as well...

                                                - Bill




_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
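
The roll-over sequence proposed in the message above (set a new key, migrate existing data, then forget the old key), as an added sketch that is not part of the original thread and is not ZFS code. The `Pool` class, its per-block key-generation tag and the SHA-256 keystream standing in for a real cipher are all assumptions made for illustration.

```python
import hashlib
import os

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher for the demo (SHA-256 in counter mode, no integrity tag);
    # a real implementation would use an authenticated cipher such as AES-GCM.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Pool:
    """Hypothetical block store: every block records the key generation that sealed it."""

    def __init__(self):
        self.keys = {}      # generation number -> key bytes
        self.current = 0    # generation used for new writes
        self.blocks = {}    # block id -> (generation, nonce, ciphertext)
        self.set_new_key()

    def set_new_key(self):
        self.current += 1
        self.keys[self.current] = os.urandom(32)

    def write(self, bid, plaintext: bytes):
        nonce = os.urandom(16)
        ct = _xor_stream(self.keys[self.current], nonce, plaintext)
        self.blocks[bid] = (self.current, nonce, ct)

    def read(self, bid) -> bytes:
        gen, nonce, ct = self.blocks[bid]
        return _xor_stream(self.keys[gen], nonce, ct)

    def blocks_using(self, gen):
        return [b for b, (g, _, _) in self.blocks.items() if g == gen]

    def migrate(self, limit=None) -> int:
        """Rewrite up to `limit` old-generation blocks under the current key."""
        stale = [b for b, (g, _, _) in self.blocks.items() if g != self.current]
        for bid in stale[:limit]:
            self.write(bid, self.read(bid))
        return len(stale[:limit])

    def forget_key(self, gen):
        """Destroy an old key only once no block still depends on it."""
        if gen == self.current or self.blocks_using(gen):
            raise RuntimeError(f"key generation {gen} is still in use")
        del self.keys[gen]
```

The per-block generation tag is what lets the store answer the question raised in the quoted text: it knows when the last block under the old key has been rewritten, so it knows when that key can be destroyed.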