From owner-freebsd-fs@freebsd.org Sat May 14 20:20:21 2016 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 44CB8B3BEAD for ; Sat, 14 May 2016 20:20:21 +0000 (UTC) (envelope-from s_sourceforge@nedprod.com) Received: from mail.nedprod.com (europe4.nedproductions.biz [213.251.186.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EF1151AA2 for ; Sat, 14 May 2016 20:20:20 +0000 (UTC) (envelope-from s_sourceforge@nedprod.com) Received: from authenticated-user (mail.nedprod.com [213.251.186.177]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.nedprod.com (Postfix) with ESMTPSA id 3172315932 for ; Sat, 14 May 2016 21:13:59 +0100 (BST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nedprod.com; s=mail; t=1463256839; bh=QjBGX/yTmJqmcAhGDKnzyPmWcg3xMoRQ3mp66fj81pk=; h=From:To:Date:Subject:In-reply-to:References:From; b=eE2WzNZlvBQ6zm7f3n3zEPYOzvwt2d9hlmU7Ov/53SSg02DCNYrfoUKDMslVSX303 4gVYCRYAz+z7wu4zRACcZN5i0JHrwu8Rj9+LcldQhNIwlECWZcvGLkgAAxzNpspvvv 4gtZ7VTLDzLFETZqris/NLRBCLBqnBAmRoKMj3O6cj63CNgFf2HxhEUI85MUBwCQo4 23HDSUOew7JgrkNbGVtjFcMdOaPNSS8CaWq6bCCwgtOpSEKLkJ/MPXySvwDN78asCB wMadtMHnj8jV0wSONudE6z433fwJLBrkdk3w16RmgoIcIhDzHGJowWQnQG59opu9Nv NKCuSJcOqVEqQ== From: "Niall Douglas" To: freebsd-fs@freebsd.org Date: Sat, 14 May 2016 21:13:59 +0100 MIME-Version: 1.0 Subject: Re: State of native encryption in ZFS Message-ID: <57378707.19425.B54772B@s_sourceforge.nedprod.com> Priority: normal In-reply-to: <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com> References: <5736E7B4.1000409@gmail.com>, <0CE6E456-CC25-4AED-A73E-F5BBE659F795@mail.turbofuzz.com> X-PM-Encryptor: IDWSM-PM32, 4 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="SMime-=-=-Boundary-=-=-F1A5CA31" X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2016 20:20:21 -0000 --SMime-=-=-Boundary-=-=-F1A5CA31 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: Quoted-printable Content-Description: Mail message body On 14 May 2016 at 11:03, Jordan Hubbard wrote: > It=E2=80=99s not even clea= r how that encryption would be implemented or exposed. > Per pool? Per da= taset? Per folder? Per file? There have been > requests for all of the a= bove at one time or another, and the key > management challenges for each a= re different. They can also be > implemented at a layer above ZFS, given s= ufficient interest. If FreeBSD had a bigger PATH_MAX then stackable encryp= tions layers like ecryptfs (encfs?) would be viable choices. Because encry= pted path components are so long, one runs very rapidly into the maximum p= ath on the system when PATH_MAX is so low. I ended up actually installing Z= FS on Linux with ecryptfs on top to solve this. Every 15 minutes it ZFS sn= apshot syncs with the FreeBSD edition. This works very well, apart from th= e poor performance of ZFS on Linux. ZFS handles long paths with ease. FreeB= SD currently does not :( Niall -- ned Productions Limited Consulting http://w= ww.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/ --SMime-=-=-Boundary-=-=-F1A5CA31 Content-Type: application/x-pkcs7-signature; name=SMime.p7s Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=SMime.p7s MIIY1AYJKoZIhvcNAQcCoIIYxTCCGMECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3 DQEHAaCCFYIwggY0MIIEHKADAgECAgEgMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzEwMjQyMTAyNTVaFw0xNzEwMjQy MTAyNTVaMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEr MCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYG A1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGll bnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKIVFnAEs+xny q6UzjCqgDcvQVe1dIoFnRsQPCFO+y92k8RK0Pn3MbQ2Gd+mehh9GBZ+36uUQA7Xj 9AGM6wgPhEE34vKtfpAN5tJ8LcFxveDObCKrL7O5UT9WsnAZHv7OYPYSR68mdmnE nJ83M4wQgKO19b+Rt8sPDAz9ptkQsntCn4GeJzg3q2SVc4QJTg/WHo7wF2ah5LMO eh8xJVSKGEmd6uPkSbj113yKMm8vmNptRPmM1+YgmVwcdOYJOjCgFtb2sOP79jji 8uhWR91xx7TpM1K3hv/wrBZwffrmmEpUeuXHRs07JqCCvFh9coKF4UQZvfEg+x3/ 69xRCzb1AgMBAAGjggGtMIIBqTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE AwIBBjAdBgNVHQ4EFgQUrlWDb+wxyrn3HfqvazHzyB3jrLswHwYDVR0jBBgwFoAU TgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUHAQEEWjBYMCcGCCsGAQUFBzAB hhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwLQYIKwYBBQUHMAKGIWh0dHA6 Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNydDBbBgNVHR8EVDBSMCegJaAjhiFo dHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9j cmwuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1 NwECATBmMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xp Y3kucGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRl cm1lZGlhdGUucGRmMA0GCSqGSIb3DQEBBQUAA4ICAQA6qScNyNO0FpHvaZTQacVM XH33O51KyEKSRw3IvdQxRu31YR0ZDGdSfgSoOVDVMSBSdmfQfdDInHPzV3LO5DwU XZ+lxjv7z3PO2OkfnFkvTXPfn6dxJ5rJveDsTsCPcJ/Kp6/+qN5g+J6D/SaYcFD0 18B6L42r0Z4VEBy36P4tjRtF14Ex10tl5tJFVKM16qWKQHbpjIgf73s49UB0CQ5l HT2DHKfq3oPfdNc5Mk93w1v4ryVb+qVrZIej8NsrWU+5r4O2IV91edDb/OtHFddZ qHFFXKgS79IHE/hwQ2LW7r3sTX7cDUCg+dfdwO8zeLxuwk2JF8crUoyrl66RGrRI hT8VoG/OJ1Y9uUlOav69V4cG8upi4ZG2l7JZFbcBFk91Wp+Payo5SuF61CmGFrZ3 86umkmpObtFacXda2O/bVoQ9xHQrzoTc/0KZTWvlZCLK3Ke/vGYT9ZdW9lOjGsSF bXrlTA919L84iMK+48WGnvRWY28ZaVHpql43AtEGhXze6iNCbEDACy+4hkQYOytA qDgcxAnQ937mYpeZFPyz/XK9QSt9VNFMuudWxZwDDDJKoQAoSG59Hou9lZ26UrK6 0nRdAQBmEPL8h2nuWgoPh++XVQld9yuhbsWa39Pck8/lcfz5HUVGJF5mc/zk38iV 7FDlF68puiryNq2KXHEpOTCCB3kwggZhoAMCAQICAk++MA0GCSqGSIb3DQEBBQUA MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew HhcNMTQwNzE5MDUyOTU4WhcNMTYwNzE4MjE1NTM5WjCBjjEZMBcGA1UEDRMQNjlS SUc0ajZNN2ZpNTRURDELMAkGA1UEBhMCSUUxDTALBgNVBAgTBENvcmsxEzARBgNV BAcTCktlcnJ5IFBpa2UxFjAUBgNVBAMTDU5pYWxsIERvdWdsYXMxKDAmBgkqhkiG 9w0BCQEWGXNfc291cmNlZm9yZ2VAbmVkcHJvZC5jb20wggIiMA0GCSqGSIb3DQEB AQUAA4ICDwAwggIKAoICAQC0mleHTofGvJXwH9xAr0+IU5dTotN0BOF1W/vhVoOT bvD0bxesFkPuemSopttKgc94p8FCgEqymbldJrki1cBsc73gODT4XHEigPktcSaF a2jUxkRmL3gfnhEyQ2d7P+ujJCQcur+Ug1xcJjbpQ8eq1dPI6mznITdARqENYqA6 vhH/VNg2n80ksE5HiA1xx2Trd6synZplenahybHkf1pSlyTS9bKeuKi1awIkF/1w QxsckB+ZBHdgPxT/RdFqE7aPF5+VSvbP2wEyieOCWDMCRG4mpsa0Ow54Ytdvf7za 6iGn8VWHwe8E85QpYzfp5RUGsScdo2vcpccLrGDMUDV3AZrcOWmE1r9oAvb3b0o1 4VY+ZE052arIPDpxYUOtpw2/rlxOGrdB1MemXuv2CQx2J2w0p6iOTeISB7xWtIi+ ZuCB5db62NnEh3txKvqDHCX8SYK6qE4PSrnHtb+ziCrYLkQ28lCWUPuwoamstLu0 B8ngNXEoOYuv8ADXc/OufLDrlPt7O0p0QvkEqIexBHCbjiohqFxqvxNxzYo20g5u A3eMymI2F2XOYz/m+muqFYbfy+/2KXrsgjM8oZ5eUqeZES8zY91VH+Ps9ryo/jv/ un6f0FfwzAjO/PkizTxLc5NS138mNBGk/NpWYHCRiTb0A7WiXn2SnpUiGi+IWFyu uQIDAQABo4IC3zCCAtswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYw FAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRpgKYvPXl8EYUnJmSNpjoT f/OpKjAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzAkBgNVHREEHTAb gRlzX3NvdXJjZWZvcmdlQG5lZHByb2QuY29tMIIBTAYDVR0gBIIBQzCCAT8wggE7 BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRz c2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENl cnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdh cyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVx dWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9u bHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhl IHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQvMC0wK6ApoCeGJWh0 dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEB BIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIv Y2xhc3MyL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNz bC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqG GGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEAhR1+ CDw7mNmPZUiu/pEteirAI75LpBVUhwuzuU9xfglwFfhAaNX9z95wP3qMphThpIWr kLR4KkMEgHvJTTJ/3KVq0rnNEt2V3605SZDPPlVnt7MMBOlNN8aeClRP62W/GOXa RBfO/w7k8yheUnD8OYtU51rFopIamQkRFXcqdZ0V1rUG0GLiPD1CuRevKop7ebcT YzVFcO0aHFnW2qtn/4OX7W1gQka0pi9zUNXilqXApNjjWIenOtb44KXBFxEqJ7i/ EozUxRExWu7mov+geijuVVYxOT7N7zoQ9aWTJQVn6vNdGqmqZ5XcKtVXHLLFefhh yTBqa0d2jJ4exZYC5TCCB8kwggWxoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwfTEL MAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNl Y3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0 Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MDkxNzE5NDYzNloXDTM2 MDkxNzE5NDYzNlowfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0 ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcx KTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwYjbCbxsRnx4n5V7tTOQ8nJi1sE2 ICIkXs7pd/JDCqIGZKTMjjb4OOYj8G5tsTzdcqOFHKHTPbQzK9Mvr/7qsEFZZ7bE Bn0KnnSF1nlMgDd63zkFUln39BtGQ6TShYXSw3HzdWI0uiyKfx6P7u000BHHls1S Pboz1t1N3gs7SkufwiYv+rUWHHI1d8o8XebK4SaLGjZ2XAHbdBQl/u21oIgP3XjK LR8HlzABLXJ5+kbWEyqouaarg0kd5fLv3eQBjhgKj2NTFoViqQ4ZOsy1ZqbCa3QH 5Cvhdj60bdj2ROFzYh87xL6gU1YlbFEJ96qryr92/W2b853bvz1mvAxWqq+YSJU6 S9+nWFDZOHWpW+pDDAL/mevobE1wWyllnN2qXcyvATHsDOvSjejqnHvmbvcnZgwa SNduQuM/3iE+e+ENcPtjqqhsGlS0XCV6yaLJixamuyx+F14FTVhuEh0B7hIQDcYy fxj//PT6zW6R6DZJvhpIaYvClk0aErJpF8EKkNb6eSJIv7p7afhwx/p6N9jYDdJ2 T1f/kLfjkdLd78Jgt2c63f6qnPDUi39yIs7Gn5e2+K+KoBCo2fsYxra1XFI8ibYZ KnMBCg8DsxJg8novgdujbv8mMJf1i92JV7atPbOvK8W3dgLwpdYrmoYUKnL24zOM XQlLE9+7jHQTUksCAwEAAaOCAlIwggJOMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD AgGuMB0GA1UdDgQWBBROC+8apEBbpRdphzDKNGhD0EGu8jBkBgNVHR8EXTBbMCyg KqAohiZodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvc2ZzY2EtY3JsLmNybDAroCmg J4YlaHR0cDovL2NybC5zdGFydGNvbS5vcmcvc2ZzY2EtY3JsLmNybDCCAV0GA1Ud IASCAVQwggFQMIIBTAYLKwYBBAGBtTcBAQEwggE7MC8GCCsGAQUFBwIBFiNodHRw Oi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjA1BggrBgEFBQcCARYpaHR0 cDovL2NlcnQuc3RhcnRjb20ub3JnL2ludGVybWVkaWF0ZS5wZGYwgdAGCCsGAQUF BwICMIHDMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEa gZdMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUgc2VjdGlvbiAqTGVnYWwgTGlt aXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9w b2xpY3kucGRmMBEGCWCGSAGG+EIBAQQEAwIABzA4BglghkgBhvhCAQ0EKxYpU3Rh cnRDb20gRnJlZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwDQYJKoZIhvcN AQEFBQADggIBABZsmfRmDDT10IVefQrs2hBOOBxe36YlBUuRMsHoO/E93UQJWwdJ iinLZgK3sZr3JZgJPI4b4d02hytLu2jTOWY9oCbH8jmRHVGrgnt+1c5a5OIDV3Bp lwj5XlimCt+MBppFFhY4Cl5X9mLHegIF5rwetfKe9Kkpg/iyFONuKIdEw5Aa3jip PKxDTWRFzt0oqVzyc3sE+Bfoq7HzLlxkbnMxOhK4vLMR5H2PgVGaO42J9E2TZns8 A+3Tmh2a82VQ9aDQdZ8vr/DqgkOY+GmciXnEQ45GcuNkNhKv9yUeOImQd37Da2q5 w8tES6x4kIvnxyweSxFEyDRSJ80KXZ+FwYnVGnjylRBTMt2AhGZ12bVoKPthLr6E qDjAmRKGpR5nZK0GLi+pcIXHlg98iWX1jkNUDqvdpYA5lGDANMmWcCyjEvUfSHu9 HH5rt52Q9CI7rvj8Ksr6glKg769LVZPrwbXwIousNE4mIgShhyx1SrflfRPXuAxk wDbSyS+GEowjCcEbgjtzSaNqV4eU5dZ4xZlDY+NN4Hct4WWZcmkEGkcJ5g8BViT7 H78OealYLrnECQF+lbptAAY+supKEDnY0Cv1v+x1v5cCxQkbCNxVN+KB+zeEQ2Ig yudWS2Xq/mzBJJMkoTTrBf+aIq6bfT/xZVEKpjBqs/SIHIAN/HKK6INeMYIDGjCC AxYCAQEwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQu MSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgw NgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs aWVudCBDQQICT74wCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B BwEwHAYJKoZIhvcNAQkFMQ8XDTE2MDUxNDIwMTQwMFowIwYJKoZIhvcNAQkEMRYE FJd00ELGADNb1Jtlgwz93OHOLdd1MA0GCSqGSIb3DQEBAQUABIICABzsuVBeC1Ov 93IY7YRk/F8hN9J3O2ln6xDOfgqbsML4ZaDFWDkmB3ycQ6T1/AS1jwKBFAHBX7/w UzPEUV2InX9a2RCf3gS/0bVCd+36azWILj1xRjH722fxADlTXSHA0G3yofgyzIcm +6KlrGiSpmgnXo9ILe8NBKgzvrU2KtSfT4eDEPPZF9V9Ui4mP0R04zNxw7sXWwuR zHE72Z38XLCWI+46GHpiKywXspsP+pbFcoXpHPjnVk9gatCzPbwaIxJZHsqTqyiT xjLkMug7CCrWpaYAod/aqRXD6l0I8+KaAbr+EYfvzMMJ7L/oGYubruSMtMK5O4Nr YaKCRJDAYIMaC2+6uuVUMlTF0mifKECXUKrIJ23gULLTYsd15ifPglZxSXi+hCZS 6fHy/wlhjpnR74LllwP41cIXy2VrC5NVnbzSSKPgPXEm47aJXiayvpg6/x9LAAQt pXJb5rw7CK9QZ0UzeOdAPPzTzujitTkLLBdhumPbZjFFDnaxgjKpPaK06vfeV9Ky yJIfc8gS5N0bnlUwO0JvFe9rNQ15cnIaiA1Lm+msnTvtNvj3Iz6hbMPaijA4KYZ/ Hk/BVer/oB2gjnXHZ7w+S2VO7K/OVFD9kV1urVLIfTCxLATdM3DN2p86LUmkiJ5D ydtN1HZa1+UAqAxndegubxsxhpFjgh0E --SMime-=-=-Boundary-=-=-F1A5CA31--