On Dec 20, 2006, at 5:46 AM, Darren J Moffat wrote:

james hughes wrote:
Not to add a cold blanket to this...
This would be mostly a "vanity erase" not really a serious "security erase" since it will not overwrite the remnants of remapped sectors.

Indeed and as you said there is other software to deal with this for those types of customers that need that. There are also physical destruction methods as well.

This is intended as a defense in depth measure and also a sufficiently good measure for the customers that don't need full compliance with NIST-like requirements that need degaussing or physical destruction.

Govt, finance, healthcare all require the NIST overwrite...

It is intended to make customers more comfortable about handing disks back to their vendor.

These are the people that have the tools to get the data back.

Today we need to manually run format(1M)'s analyze/purge for that.

Most banks do not return the disks, they return the top plate to get the warranty credit and then just keep the disks...

Are you saying that you don't think this is sufficiently useful that we should implement this in ZFS or are you just pointing out that for some security policies this is not enough?

I think more the former. Let's also discuss who this policy will be enough for.

The load on the system may be as large as encrypting the data if you purge all files, and if you don't then you have the problem of finding all former copies of the data.

The complexity of implementation may be on par with encryption.

The caveats that need to be placed in the man pages on when this is not enough are problematic, and if the customer doesn't read it...

It just seems to be a lot of work for not a lot of benefit.

My mind is not made up here, so these discussions are good...

--
Darren J Moffat
_______________________________________________
security-discuss mailing list
[EMAIL PROTECTED]

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
