> This RFE is also required for crypto support, as the encryption
> algorithm must be known when the filesystem is created.
I'm deeply concerned about this requirement -- in short, basic
principles of crypto hygene require both key and algorithm agility, and
if you can't change this after creation, the ability of ZFS to resist
cryptographic attacks will be significantly diminished.
I don't think we'll be doing crypto "right" until we can rekey and
upgrade algorithms on the fly.
- Bill
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
