On Tue, Aug 15, 2006 at 02:57:50PM -0400, Bill Sommerfeld wrote:
>
> I'm deeply concerned about this requirement -- in short, basic
> principles of crypto hygiene require both key and algorithm agility, and
> if you can't change this after creation, the ability of ZFS to resist
> cryptographic attacks will be significantly diminished.
>
> I don't think we'll be doing crypto "right" until we can rekey and
> upgrade algorithms on the fly.
>

The copy-on-write nature of ZFS makes this extremely difficult,
particularly w.r.t. snapshots. That's not to say it can't be solved,
only that it won't be solved in the near term (i.e. within the next year).
The timeframe for ZFS crypto support is much shorter, and this
requirement is entirely reasonable for an initial implementation.

That being said, this point has no particular bearing on this feature as
designed. I will clarify the wording to note that this is only a
requirement for the "initial implementation" of ZFS crypto if that would
be more appropriate.

- Eric

--
Eric Schrock, Solaris Kernel Development http://blogs.sun.com/eschrock