From owner-freebsd-fs@freebsd.org Sat May 14 18:03:07 2016 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AA3E1B39EE1 for ; Sat, 14 May 2016 18:03:07 +0000 (UTC) (envelope-from jkh@mail.turbofuzz.com) Received: from barracuda.ixsystems.com (barracuda.ixsystems.com [12.229.62.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.ixsystems.com", Issuer "Go Daddy Secure Certificate Authority - G2" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 90FC01B47 for ; Sat, 14 May 2016 18:03:07 +0000 (UTC) (envelope-from jkh@mail.turbofuzz.com) X-ASG-Debug-ID: 1463248986-08ca045f6814edc0001-3nHGF7 Received: from zimbra.ixsystems.com ([10.246.0.20]) by barracuda.ixsystems.com with ESMTP id kY5XJrrheEuyXSZf (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 14 May 2016 11:03:06 -0700 (PDT) X-Barracuda-Envelope-From: jkh@mail.turbofuzz.com X-Barracuda-RBL-Trusted-Forwarder: 10.246.0.20 X-ASG-Whitelist: Client Received: from localhost (localhost [127.0.0.1]) by zimbra.ixsystems.com (Postfix) with ESMTP id 42945C89106; Sat, 14 May 2016 11:03:06 -0700 (PDT) Received: from zimbra.ixsystems.com ([127.0.0.1]) by localhost (zimbra.ixsystems.com [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id eB5Ptb9bsLOo; Sat, 14 May 2016 11:03:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.ixsystems.com (Postfix) with ESMTP id C789CC8910F; Sat, 14 May 2016 11:03:05 -0700 (PDT) X-Virus-Scanned: amavisd-new at ixsystems.com Received: from zimbra.ixsystems.com ([127.0.0.1]) by localhost (zimbra.ixsystems.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id yyRsT45QjbpO; Sat, 14 May 2016 11:03:05 -0700 (PDT) Received: from [172.20.0.10] (vpn.ixsystems.com [10.249.0.2]) by zimbra.ixsystems.com (Postfix) with ESMTPSA id 9C0C9C89106; Sat, 14 May 2016 11:03:05 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: State of native encryption in ZFS From: Jordan Hubbard X-ASG-Orig-Subj: Re: State of native encryption in ZFS In-Reply-To: <5736E7B4.1000409@gmail.com> Date: Sat, 14 May 2016 11:03:05 -0700 Cc: freebsd-fs@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com> References: <5736E7B4.1000409@gmail.com> To: Ruslan Yakauleu X-Mailer: Apple Mail (2.3124) X-Barracuda-Connect: UNKNOWN[10.246.0.20] X-Barracuda-Start-Time: 1463248986 X-Barracuda-Encrypted: ECDHE-RSA-AES256-GCM-SHA384 X-Barracuda-URL: https://10.246.0.26:443/cgi-mod/mark.cgi X-Virus-Scanned: by bsmtpd at ixsystems.com X-Barracuda-BRTS-Status: 1 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2016 18:03:07 -0000 > On May 14, 2016, at 1:54 AM, Ruslan Yakauleu = wrote: >=20 > I wish to know somethign new about native encryption in ZFS for = FreeBSD. > Any works in this direction are conducted? Short and simple answer: No. We also recently talked to Matt Ahrens (essentially the OpenZFS = =E2=80=9Cproject lead=E2=80=9D and who determines what goes upstream) at = the FreeBSD Storage Summit and he expressed very little interest in = =E2=80=9Cnative encryption=E2=80=9D for ZFS, seeing little to no benefit = (for what would be a lot of engineering work) in doing it at the ZFS = layer vs simply continuing to use the GELI encryption at the = block-device layer that FreeBSD already supports. It=E2=80=99s not even clear how that encryption would be implemented or = exposed. Per pool? Per dataset? Per folder? Per file? There have = been requests for all of the above at one time or another, and the key = management challenges for each are different. They can also be = implemented at a layer above ZFS, given sufficient interest. - Jordan