> >> djm> Much better for jurisdictions that allow for that, but not all
>> not knowing where something physically is at all times?
>
> I'm not in a position to discuss this jurisdiction's requirements and
> rationale on a public mailing list. All I'm saying is that data destruction
> based only on key destruction/unavailability is not considered enough in some
> cases.

Nevertheless I think secure delete cannot exist without cryptography, as more and more devices are available where you can't control the placement of a block. As far as I know, secure delete in SSDs is just capable of deleting all data, not a single block. Thus the only safe way to really delete securely would be the combination of both. When you can't delete a block on a device securely, it's protected by the encryption as a last line of defense. However, secure deletion by cryptography needs the secure deletion by overwriting the stuff, as you close the attack vector of simply waiting until the cryptographic algorithm is broken. One part can't exist without the other ...

Regards
Joerg
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
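
The argument in the message above, as an added example that is not part of the original thread: a toy model of a device that remaps every write, showing that an overwrite leaves the old page behind and that encryption decides what that stale page contains. `ToyFlash`, `keystream_xor`, and the sample record are constructed for illustration; the SHA-256 keystream is a stand-in so the example needs only the standard library, not a vetted cipher.

```python
import hashlib
import os

SECRET = b"constructed sample record: account 0000"

class ToyFlash:
    """Constructed model of a remapping device: each write of a logical
    block lands on a fresh physical page; the old page keeps its bytes."""
    def __init__(self):
        self.pages = []   # physical pages, append-only
        self.map = {}     # logical block number -> index into pages

    def write(self, lba, data):
        self.pages.append(bytes(data))
        self.map[lba] = len(self.pages) - 1

    def raw_dump(self):
        # Everything present on the media, including stale pages.
        return b"".join(self.pages)

def keystream_xor(key, lba, data):
    # Stand-in cipher (assumption of this example): XOR with a
    # SHA-256 counter keystream. Encrypts and decrypts symmetrically.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(
            key + lba.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def overwrite_only():
    dev = ToyFlash()
    dev.write(7, SECRET)
    dev.write(7, bytes(len(SECRET)))      # overwrite the logical block
    return SECRET in dev.raw_dump()       # plaintext survives in stale page

def encrypt_then_overwrite():
    dev = ToyFlash()
    key = os.urandom(32)
    dev.write(7, keystream_xor(key, 7, SECRET))
    dev.write(7, bytes(len(SECRET)))      # overwrite where the device allows
    stale = dev.pages[0]                  # old ciphertext is still on media
    readable_with_key = keystream_xor(key, 7, stale) == SECRET
    plaintext_on_media = SECRET in dev.raw_dump()
    return plaintext_on_media, readable_with_key
```

The second result is the residual exposure the message describes: the stale ciphertext stays on the media, so its confidentiality rests on the key being destroyed and the cipher holding.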