Site Navigation

Date:      Sun, 15 May 2016 11:45:42 +0100
From:      "Niall Douglas" <s_sourceforge@nedprod.com>
To:        "freebsd-fs@FreeBSD.org" <freebsd-fs@freebsd.org>
Subject:   Re: State of native encryption in ZFS
Message-ID:  <57385356.4525.E728971@s_sourceforge.nedprod.com>
In-Reply-To: <CAHM0Q_PGvBRbUFOhmin4RKaDKRTRJyjieuaZ5_tjPerK4eRz=w@mail.gmail.com>
References:  <5736E7B4.1000409@gmail.com>, <57378707.19425.B54772B@s_sourceforge.nedprod.com>, <CAHM0Q_PGvBRbUFOhmin4RKaDKRTRJyjieuaZ5_tjPerK4eRz=w@mail.gmail.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
On 14 May 2016 at 16:09, K. Macy wrote:

> >> It’s not even clear how that encryption would be implemented or exposed.
> >>  Per pool?  Per dataset?  Per folder?  Per file?  There have been
> >> requests for all of the above at one time or another, and the key
> >> management challenges for each are different.  They can also be
> >> implemented at a layer above ZFS, given sufficient interest.
> >
> > If FreeBSD had a bigger PATH_MAX then stackable encryptions layers
> > like ecryptfs (encfs?) would be viable choices. Because encrypted
> > path components are so long, one runs very rapidly into the maximum
> > path on the system when PATH_MAX is so low.
> >
> > I ended up actually installing ZFS on Linux with ecryptfs on top to
> > solve this. Every 15 minutes it ZFS snapshot syncs with the FreeBSD
> > edition. This works very well, apart from the poor performance of ZFS
> > on Linux.
> >
> > ZFS handles long paths with ease. FreeBSD currently does not :(
>
> AFAICT that's a 1 line patch. Have you tried patching that and
> rebuilding kernel, world, and any vulnerable ports?

The problem is apparently kernel structure bloat and that they want
to remove fixed maximum paths altogether so it would be boot
modifiable.

http://freebsd.1045724.n5.nabble.com/misc-184340-PATH-MAX-not-interope
rable-with-Linux-td5864469.html

As laudable as the latter goal is, unfortunately OS X and Linux hard
code theirs, and much POSIX software will use whatever PATH_MAX is
set to. I'm therefore not sure the implementation cost is worth it.

In any case, a 1024 byte path limit is just 256 unicode characters
potentially. That's worse than Windows 95 :(

Niall

--
ned Productions Limited Consulting
http://www.nedproductions.biz/
http://ie.linkedin.com/in/nialldouglas/



[-- Attachment #2 --]
0��	*�H��

���0��

10	+0	*�H��


���0�40��

 0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210255Z
171024210255Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CA0�
"0
	*�H��



�
0�

�

�(�E�
,��3�*�
��U�]"�gF�S��ݤ��>}�m
�w鞆F�������
���A7��~�
��|-�q���l"�/��Q?V�p��`�G�&viĜ�73�������������{B���'87�d�s�	N���f��z1%T�I����I���|�2o/��mD���� �\t�	:0�������8���VG�qǴ�3R����p}��JTz��F�;&���X}r���D�� ����Q6�

��
�0�
�0U

�0

�0U

�
0U�U�o�1ʹ���k1��㬻0U#0�N��@[�i�0�4hC�A��0f+


Z0X0'+
0
�http://ocsp.startssl.com/ca0-+
0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+

��7

0f0.+

"http://www.startssl.com/policy.pdf04+

(http://www.startssl.com/intermediate.pdf0
	*�H��


�
:�'
�Ӵ��i��i�L\}�;�J�B�G
Ƚ�1F��agR~�9P�1 Rvg�}�Ȝs�Wr��<]���;��s����Y/Msߟ�q'�ɽ��N��p�ʧ����`����&�pP���z/��ў���-�Eׁ1�Ke��ET�5ꥊ@v錈�{8�@t	e=���ރ�t�92Ow�[��%[��kd����+YO����!_uy����G�Y�qE\����pCb���M~�
@������3x�n�M��+R������H�?�o�'V=�INj��W���bᑶ��Y�
OuZ��k*9J�z�)��w󫦒jNn�ZqwZ���V�=�t+΄��B�Mk�d"�ܧ��f��V�S�ąmz�Lu��8�¾�ņ��VcoiQ�^7��|��#Bl@�/��D;+@�8�	��~�b�����r�A+}T�L��VŜ2J�(Hn}�����R���t]
f���i�Z
��U	]�+�nŚ��ܓ��q��EF$^fs���ȕ�P��)�*�6��\q)90�y0�a�
O�0
	*�H��


0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CA0
140719052958Z
160718215539Z0��10U
69RIG4j6M7fi54TD10	UIE1
0UCork10U
Kerry Pike10U
Niall Douglas1(0&	*�H��

	
s_sourceforge@nedprod.com0�"0
	*�H��



�0�
�
��W�N�Ƽ���@�O�S�S��t�u[��V��n��o�C�zd���J��x��B�J���]&�"��ls��84�\q"��-q&�kh��Df/x�2Cg{?�$$����\\&6�CǪ����l�!7@F�
b�:��T�6��$�NG�
q�d�w�2��ezv�ɱ�ZR�$�������k$�pC��w`?�E�j����J���
2��X3Dn&�ƴ;xb�o���!��U����)c7���'�kܥ��`�P5w
��9i�ֿh��oJ5�V>dM9٪�<:qaC��
��\N�A�Ǧ^��	v'l4���M��V���f�������ć{q*��%�I���NJ�ǵ���*�.D6�P�P����������5q(9����s�|���{;JtB����p��*!�\j�q͊6�nw��b6e�c?��k������)z�3<��^R��/3c�U������;��~��W�����"�<Ks�R�&4���V`p��6���^}���"/�X\��

���0��0	U00U�0U%0+
+
0Ui��/=y|�'&d��:�*0U#0��U�o�1ʹ���k1��㬻0$U0�s_sourceforge@nedprod.com0�
LU �
C0�
?0�
;+

��7
0�
*0.+

"http://www.startssl.com/policy.pdf0��+
0��0' StartCom Certification Authority0

��This certificate was issued according to the Class 2 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu2-crl.crl0��+


��009+
0
�-http://ocsp.startssl.com/sub/class2/client/ca0B+
0�6http://aia.startssl.com/certs/sub.class2.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��


�

�~<;�ُeH���-z*�#�K�T���Oq~	p�@h����p?z��ᤅ���x*C�{�M2ܥjҹ�ݕ߭9I��>Ug���M7ƞ
TO�e���D����(^Rp�9�T�ZŢ��	w*u�ֵ�b�<=B��*�{y�c5Ep�Y�ګg����m`BF��/sP�▥����X��:����*'�����1Z����z(�UV19>��:���%g��]��g��*�W��y�a�0jkGv��Ŗ�0��0���


0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
060917194636Z
360917194636Z0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0�"0
	*�H��



�0�
�
���	�lF|x��{�3��rb��6 "$^��w�C
�d�̎6�8�#�nm�<�r����=�3+�/���AYg��}
�t��yL�7z�9RY��FC�҅���q�ub4�,����4�ǖ�R=�3��M�;JK��&/��r5w�<]���&�6v\
�t%������x�-�0
-ry�F�*�����I�����
�
�cS�b�:̵f��kt�+�v>�m��D�sb;ľ�SV%lQ	���ʿv�m��ۿ=f�V���H�:KߧXP�8u�[�C����lMp[)e�ݪ]̯
1��ҍ��{�n�'fH�nB�?�!>{�
p�c��lT�\%zɢɋ��,~^MXn
�
�2�����n��6I�Hi�–M�i�
���y"H��{i�p��z7��
�vOW��������`�g:�����ԋr"�Ɵ���������ƶ�\R<��*s

�`�z/�ۣn�&0���݉W��=��+ŷv��+��*r��3�]	K߻�tRK

��R0�N0U0

�0U
�0UN��@[�i�0�4hC�A��0dU]0[0,�*�(�&http://cert.startcom.org/sfsca-crl.crl0+�)�'�%http://crl.startcom.org/sfsca-crl.crl0�
]U �
T0�
P0�
L+

��7


0�
;0/+

#http://cert.startcom.org/policy.pdf05+

)http://cert.startcom.org/intermediate.pdf0��+
0��0' Start Commercial (StartCom) Ltd.0

��Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://cert.startcom.org/policy.pdf0	`�H
��B

08	`�H
��B

+)StartCom Free SSL Certification Authority0
	*�H��


�
l��f4�Ѕ^}
��N8^ߦ%K�2��;�=�D	[I�)�f����%�	<���6�+K�h�9f=�&��9�Q��{~��Z��Wpi��^X�
ߌ�E8
^W�b�z�����)����n(�DÐ�8�<�CMdE��(�\�s{�諱�.\dns1:����}��Q�;���M�f{<�Ӛ��eP���u�/���C��i��y�C�Fr�d6��%8��w~�kj���DK�x����,KD�4R'�
]�����x�S2݀�fuٵh(�a.���8����gd�./�p�ǖ|�e��CT�ݥ�9�`�4ɖp,��H{�~k����";���*���R��KU�����"��4N&"��,uJ��}׸d�6��/��#	��;sI�jW����xřCc�M�w-�e�riG	�
V$��y�X.��	
~��m>��J9��+���u���	�U7��7�Cb ��VKe��l�$�$�4���"��}?�eQ
�0j���
�r��^1�0�

0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CAO�0	+�]0	*�H��

	1	*�H��


0	*�H��

	1
160515104542Z0#	*�H��

	1^峥b7���	����3�Lr]�0
	*�H��



�����B���={T�OÅy-p{6rMg���x~��=�'G��%��U�B��ى�"�9΢�ۙV%���wM�ta>�-��Է
%���ɞ���S�^��?>Ԇo�{�KP��&�'�Q�b�O�韛�GV>9Rfg��l�k�Np�z
�q����Y����C�c��\ʎ?�gb�a ۔��D�f��M�B;���d��B��y��@i�q��)U��*�s����������#��4�w`��%jc��{V�����
C�Q��le<�ŋ����܂�j�f�L����v'K�P�0)]� ��&�g���B�a�@M���L�c�#t����d5C��!���� ��U��V�P�
˼R^�b�ȕ�O�o�I�Y��7!��'�p��x��g�Ro�	TL� �ʥm���^jM�
�޼�9�ߙ����օ����;]{Pln�>M�lcDK��ϕ~�fQ��3�����!m�"~��F�X��� �n�,�9�pv��%d�|l<�ƛ;

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57385356.4525.E728971>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact