Date:      Sat, 14 May 2016 11:03:05 -0700
From:      Jordan Hubbard <jkh@mail.turbofuzz.com>
To:        Ruslan Yakauleu <quazinode@gmail.com>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: State of native encryption in ZFS
Message-ID:  <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com>
In-Reply-To: <5736E7B4.1000409@gmail.com>
References:  <5736E7B4.1000409@gmail.com>



> On May 14, 2016, at 1:54 AM, Ruslan Yakauleu <quazinode@gmail.com> wrote:
> 
> I wish to know something new about native encryption in ZFS for FreeBSD.
> Is any work in this direction being conducted?

Short and simple answer:  No.

We also recently talked to Matt Ahrens (essentially the OpenZFS “project lead” and who determines what goes upstream) at the FreeBSD Storage Summit and he expressed very little interest in “native encryption” for ZFS, seeing little to no benefit (for what would be a lot of engineering work) in doing it at the ZFS layer vs simply continuing to use the GELI encryption at the block-device layer that FreeBSD already supports.

It’s not even clear how that encryption would be implemented or exposed.  Per pool?  Per dataset?  Per folder?  Per file?  There have been requests for all of the above at one time or another, and the key management challenges for each are different.  They can also be implemented at a layer above ZFS, given sufficient interest.

- Jordan



