Date: Sat, 14 May 2016 11:03:05 -0700 From: Jordan Hubbard <jkh@mail.turbofuzz.com> To: Ruslan Yakauleu <quazinode@gmail.com> Cc: freebsd-fs@freebsd.org Subject: Re: State of native encryption in ZFS Message-ID: <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com> In-Reply-To: <5736E7B4.1000409@gmail.com> References: <5736E7B4.1000409@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On May 14, 2016, at 1:54 AM, Ruslan Yakauleu <quazinode@gmail.com> = wrote: >=20 > I wish to know somethign new about native encryption in ZFS for = FreeBSD. > Any works in this direction are conducted? Short and simple answer: No. We also recently talked to Matt Ahrens (essentially the OpenZFS = =E2=80=9Cproject lead=E2=80=9D and who determines what goes upstream) at = the FreeBSD Storage Summit and he expressed very little interest in = =E2=80=9Cnative encryption=E2=80=9D for ZFS, seeing little to no benefit = (for what would be a lot of engineering work) in doing it at the ZFS = layer vs simply continuing to use the GELI encryption at the = block-device layer that FreeBSD already supports. It=E2=80=99s not even clear how that encryption would be implemented or = exposed. Per pool? Per dataset? Per folder? Per file? There have = been requests for all of the above at one time or another, and the key = management challenges for each are different. They can also be = implemented at a layer above ZFS, given sufficient interest. - Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0CE6E456-CC25-4AED-A73E-F5BBE659F795>