Re: [zfs-discuss] Encryption through compression?

Thu, 12 Mar 2009 02:56:08 -0700 

Hello Darren,



Monish Shah wrote:

Hello everyone,
My understanding is that the ZFS crypto framework will not release until 2010. 

That is incorrect information, where did you get that from ?
It was in Mike Shapiro's presentation at the Open Solaris Storage Summit that took place a couple of weeks ago. Perhaps I mis-read the slide, but I'm pretty sure it listed encryption as a feature for 2010. 

...


3.  There is no key management framework.


That is impossible there has to be key management somewhere.
What I meant was, the compression framework does not have key management framework. Using our hardware (which I mentioned later in my mail), the key management would come with the hardware, since we store keys in the hardware. We provide a utility to manage the keys stored in the hardware. 

...
If it is specific to your companies hardware I doubt it would ever get integrated into OpenSolaris particularly given the existing zfs-crypto project has no hardware dependencies at all.
The better way to use your encryption hardware is to get it plugged into the OpenSolaris cryptographic framework (see the crypto project on OpenSolaris.org)
That was precisely what I want thinking originally. However, if it is out in 2010, there is temptation to do our own project, which I thought could be done in a couple of months. (In light of your comment below, my estimate may have been wildly optimistic, but the foregoing is merely an explanation of what I was thinking.)
Does anyone see any problems with this? There are probably various gotchas here that I haven't thought of. If you can think of any, please let me know.
The various gotchas are the things that have been taking me and the rest of the ZFS team a large part of the zfs-crypto project to resolve. It really isn't as simple as you think it is - if it were then the zfs-crypto project would be done by now!
If you really want to help get encryption for ZFS then please come and join the already existing project rather than starting another one from scratch.
If the schedule is much sooner than 2010, I would definitely do so. What is your present schedule estimate? 


--
Darren J Moffat
Monish 
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss

Reply via email to