Date: Sat, 14 May 2016 16:09:36 -0700
Subject: Re: State of native encryption in ZFS
From: "K. Macy"
To: Niall Douglas
Cc: "freebsd-fs@FreeBSD.org"

On Sat, May 14, 2016 at 1:13 PM, Niall Douglas via freebsd-fs wrote:
> On 14 May 2016 at 11:03, Jordan Hubbard wrote:
>
>> It’s not even clear how that encryption would be implemented or exposed.
>> Per pool? Per dataset? Per folder? Per file? There have been
>> requests for all of the above at one time or another, and the key
>> management challenges for each are different. They can also be
>> implemented at a layer above ZFS, given sufficient interest.
>
> If FreeBSD had a bigger PATH_MAX then stackable encryption layers
> like ecryptfs (encfs?) would be viable choices. Because encrypted
> path components are so long, one runs very rapidly into the maximum
> path on the system when PATH_MAX is so low.
>
> I ended up actually installing ZFS on Linux with ecryptfs on top to
> solve this. Every 15 minutes it ZFS snapshot syncs with the FreeBSD
> edition. This works very well, apart from the poor performance of ZFS
> on Linux.
>
> ZFS handles long paths with ease. FreeBSD currently does not :(
>

AFAICT that's a 1 line patch. Have you tried patching that and
rebuilding kernel, world, and any vulnerable ports?

-M