Site Navigation

Date:      Sat, 14 May 2016 21:13:59 +0100
From:      "Niall Douglas" <s_sourceforge@nedprod.com>
To:        freebsd-fs@freebsd.org
Subject:   Re: State of native encryption in ZFS
Message-ID:  <57378707.19425.B54772B@s_sourceforge.nedprod.com>
In-Reply-To: <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com>
References:  <5736E7B4.1000409@gmail.com>, <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
On 14 May 2016 at 11:03, Jordan Hubbard wrote:

> It’s not even clear how that encryption would be implemented or exposed.
>  Per pool?  Per dataset?  Per folder?  Per file?  There have been
> requests for all of the above at one time or another, and the key
> management challenges for each are different.  They can also be
> implemented at a layer above ZFS, given sufficient interest.

If FreeBSD had a bigger PATH_MAX then stackable encryptions layers
like ecryptfs (encfs?) would be viable choices. Because encrypted
path components are so long, one runs very rapidly into the maximum
path on the system when PATH_MAX is so low.

I ended up actually installing ZFS on Linux with ecryptfs on top to
solve this. Every 15 minutes it ZFS snapshot syncs with the FreeBSD
edition. This works very well, apart from the poor performance of ZFS
on Linux.

ZFS handles long paths with ease. FreeBSD currently does not :(

Niall

--
ned Productions Limited Consulting
http://www.nedproductions.biz/
http://ie.linkedin.com/in/nialldouglas/



[-- Attachment #2 --]
0��	*�H��

���0��

10	+0	*�H��


���0�40��

 0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210255Z
171024210255Z0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CA0�
"0
	*�H��



�
0�

�

�(�E�
,��3�*�
��U�]"�gF�S��ݤ��>}�m
�w鞆F�������
���A7��~�
��|-�q���l"�/��Q?V�p��`�G�&viĜ�73�������������{B���'87�d�s�	N���f��z1%T�I����I���|�2o/��mD���� �\t�	:0�������8���VG�qǴ�3R����p}��JTz��F�;&���X}r���D�� ����Q6�

��
�0�
�0U

�0

�0U

�
0U�U�o�1ʹ���k1��㬻0U#0�N��@[�i�0�4hC�A��0f+


Z0X0'+
0
�http://ocsp.startssl.com/ca0-+
0�!http://www.startssl.com/sfsca.crt0[UT0R0'�%�#�!http://www.startssl.com/sfsca.crl0'�%�#�!http://crl.startssl.com/sfsca.crl0��U y0w0u+

��7

0f0.+

"http://www.startssl.com/policy.pdf04+

(http://www.startssl.com/intermediate.pdf0
	*�H��


�
:�'
�Ӵ��i��i�L\}�;�J�B�G
Ƚ�1F��agR~�9P�1 Rvg�}�Ȝs�Wr��<]���;��s����Y/Msߟ�q'�ɽ��N��p�ʧ����`����&�pP���z/��ў���-�Eׁ1�Ke��ET�5ꥊ@v錈�{8�@t	e=���ރ�t�92Ow�[��%[��kd����+YO����!_uy����G�Y�qE\����pCb���M~�
@������3x�n�M��+R������H�?�o�'V=�INj��W���bᑶ��Y�
OuZ��k*9J�z�)��w󫦒jNn�ZqwZ���V�=�t+΄��B�Mk�d"�ܧ��f��V�S�ąmz�Lu��8�¾�ņ��VcoiQ�^7��|��#Bl@�/��D;+@�8�	��~�b�����r�A+}T�L��VŜ2J�(Hn}�����R���t]
f���i�Z
��U	]�+�nŚ��ܓ��q��EF$^fs���ȕ�P��)�*�6��\q)90�y0�a�
O�0
	*�H��


0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CA0
140719052958Z
160718215539Z0��10U
69RIG4j6M7fi54TD10	UIE1
0UCork10U
Kerry Pike10U
Niall Douglas1(0&	*�H��

	
s_sourceforge@nedprod.com0�"0
	*�H��



�0�
�
��W�N�Ƽ���@�O�S�S��t�u[��V��n��o�C�zd���J��x��B�J���]&�"��ls��84�\q"��-q&�kh��Df/x�2Cg{?�$$����\\&6�CǪ����l�!7@F�
b�:��T�6��$�NG�
q�d�w�2��ezv�ɱ�ZR�$�������k$�pC��w`?�E�j����J���
2��X3Dn&�ƴ;xb�o���!��U����)c7���'�kܥ��`�P5w
��9i�ֿh��oJ5�V>dM9٪�<:qaC��
��\N�A�Ǧ^��	v'l4���M��V���f�������ć{q*��%�I���NJ�ǵ���*�.D6�P�P����������5q(9����s�|���{;JtB����p��*!�\j�q͊6�nw��b6e�c?��k������)z�3<��^R��/3c�U������;��~��W�����"�<Ks�R�&4���V`p��6���^}���"/�X\��

���0��0	U00U�0U%0+
+
0Ui��/=y|�'&d��:�*0U#0��U�o�1ʹ���k1��㬻0$U0�s_sourceforge@nedprod.com0�
LU �
C0�
?0�
;+

��7
0�
*0.+

"http://www.startssl.com/policy.pdf0��+
0��0' StartCom Certification Authority0

��This certificate was issued according to the Class 2 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U/0-0+�)�'�%http://crl.startssl.com/crtu2-crl.crl0��+


��009+
0
�-http://ocsp.startssl.com/sub/class2/client/ca0B+
0�6http://aia.startssl.com/certs/sub.class2.client.ca.crt0#U0�http://www.startssl.com/0
	*�H��


�

�~<;�ُeH���-z*�#�K�T���Oq~	p�@h����p?z��ᤅ���x*C�{�M2ܥjҹ�ݕ߭9I��>Ug���M7ƞ
TO�e���D����(^Rp�9�T�ZŢ��	w*u�ֵ�b�<=B��*�{y�c5Ep�Y�ګg����m`BF��/sP�▥����X��:����*'�����1Z����z(�UV19>��:���%g��]��g��*�W��y�a�0jkGv��Ŗ�0��0���


0
	*�H��


0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
060917194636Z
360917194636Z0}10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0�"0
	*�H��



�0�
�
���	�lF|x��{�3��rb��6 "$^��w�C
�d�̎6�8�#�nm�<�r����=�3+�/���AYg��}
�t��yL�7z�9RY��FC�҅���q�ub4�,����4�ǖ�R=�3��M�;JK��&/��r5w�<]���&�6v\
�t%������x�-�0
-ry�F�*�����I�����
�
�cS�b�:̵f��kt�+�v>�m��D�sb;ľ�SV%lQ	���ʿv�m��ۿ=f�V���H�:KߧXP�8u�[�C����lMp[)e�ݪ]̯
1��ҍ��{�n�'fH�nB�?�!>{�
p�c��lT�\%zɢɋ��,~^MXn
�
�2�����n��6I�Hi�–M�i�
���y"H��{i�p��z7��
�vOW��������`�g:�����ԋr"�Ɵ���������ƶ�\R<��*s

�`�z/�ۣn�&0���݉W��=��+ŷv��+��*r��3�]	K߻�tRK

��R0�N0U0

�0U
�0UN��@[�i�0�4hC�A��0dU]0[0,�*�(�&http://cert.startcom.org/sfsca-crl.crl0+�)�'�%http://crl.startcom.org/sfsca-crl.crl0�
]U �
T0�
P0�
L+

��7


0�
;0/+

#http://cert.startcom.org/policy.pdf05+

)http://cert.startcom.org/intermediate.pdf0��+
0��0' Start Commercial (StartCom) Ltd.0

��Limited Liability, read the section *Legal Limitations* of the StartCom Certification Authority Policy available at http://cert.startcom.org/policy.pdf0	`�H
��B

08	`�H
��B

+)StartCom Free SSL Certification Authority0
	*�H��


�
l��f4�Ѕ^}
��N8^ߦ%K�2��;�=�D	[I�)�f����%�	<���6�+K�h�9f=�&��9�Q��{~��Z��Wpi��^X�
ߌ�E8
^W�b�z�����)����n(�DÐ�8�<�CMdE��(�\�s{�諱�.\dns1:����}��Q�;���M�f{<�Ӛ��eP���u�/���C��i��y�C�Fr�d6��%8��w~�kj���DK�x����,KD�4R'�
]�����x�S2݀�fuٵh(�a.���8����gd�./�p�ǖ|�e��CT�ݥ�9�`�4ɖp,��H{�~k����";���*���R��KU�����"��4N&"��,uJ��}׸d�6��/��#	��;sI�jW����xřCc�M�w-�e�riG	�
V$��y�X.��	
~��m>��J9��+���u���	�U7��7�Cb ��VKe��l�$�$�4���"��}?�eQ
�0j���
�r��^1�0�

0��0��10	UIL10U

StartCom Ltd.1+0)U"Secure Digital Certificate Signing1806U/StartCom Class 2 Primary Intermediate Client CAO�0	+�]0	*�H��

	1	*�H��


0	*�H��

	1
160514201400Z0#	*�H��

	1�t�B�3[ԛe�����-�u0
	*�H��



��P^S��r�d�_!7�w;ig��~
����e��X9&|�C������
�_��S3�Q]��Z����ѵBw��k5�.=qF1��g�9S]!��m��2̇&����h��h'^�H-�
�3��6*ԟO�����}R.&?Dt�3qû[��q;ٝ�\��#�:zb+,�����r����VO`jг=�#Yʓ�(��2�2�;*֥���ک��]��
������	�����䌴¹;�ka��D��`�o���T2T��h�(@�P��'m�P��b�u�'ςVqIx��&R����	a���������ek�U���H��=q&㶉^&���:�K-�r[�;�PgE3x�@<�����9,a�c�f1Ev��2�=�����WҲȒs����U0;Bo�k5
yrr�
K�鬝;�6��#>�l�ڊ08)�O�U�����u�g�>KeN��TP��]n�R�}0�,�3p�ڟ:-I���C��M�vZ���gu�.o1��c�

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57378707.19425.B54772B>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact