From owner-freebsd-current@FreeBSD.ORG  Tue Sep  7 17:57:40 2010
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 97A2310656DB;
	Tue,  7 Sep 2010 17:57:40 +0000 (UTC) (envelope-from oberman@es.net)
Received: from mailgw.es.net (mail1.es.net [IPv6:2001:400:201:1::2])
	by mx1.freebsd.org (Postfix) with ESMTP id 8283D8FC18;
	Tue,  7 Sep 2010 17:57:40 +0000 (UTC)
Received: from ptavv.es.net (ptavv.es.net [IPv6:2001:400:910::29])
	by mailgw.es.net (8.14.3/8.14.3) with ESMTP id o87Hvc8i005835
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
	Tue, 7 Sep 2010 10:57:38 -0700
Received: from ptavv.es.net (localhost [127.0.0.1])
	by ptavv.es.net (Tachyon Server) with ESMTP id 889611CC3A;
	Tue,  7 Sep 2010 10:57:38 -0700 (PDT)
To: Robert Watson <rwatson@FreeBSD.org>
In-reply-to: Your message of "Tue, 07 Sep 2010 14:28:33 BST."
	<alpine.BSF.2.00.1009071425410.32656@fledge.watson.org> 
Date: Tue, 07 Sep 2010 10:57:38 -0700
From: "Kevin Oberman" <oberman@es.net>
Message-Id: <20100907175738.889611CC3A@ptavv.es.net>
Cc: Gleb Kurtsou <gleb.kurtsou@gmail.com>, freebsd-current@FreeBSD.org
Subject: Re: RFC: pefs - stacked cryptographic filesystem 
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Sep 2010 17:57:40 -0000

On Mon, 6 Sep 2010, Gleb Kurtsou wrote:

> I would like to ask for feedback on a kernel level stacked cryptographic 
> filesystem. It has started as Summer Of Code'2009 project and matured a lot 
> since then. I've recently added support for sparse files and switched to XTS 
> encryption mode.
>
> I've been using it to encrypt my home directory for almost a year already, 
> and use fsx, dbench and blogbench for testing. So it should be fairly 
> stable.
>
> Tested on top of ZFS, UFS and tmpfs on amd64 and i386; both 9-CURRENT and 
> 8-STABLE supported.
>
> Please email me separately if you're willing to help testing on big endian 
> machine, XTS code doesn't look endian correct.
>
> At this point all of the project goals complete and I'd like it to get wider 
> coverage in terms of tests and reviews and hope to see it commited to HEAD 
> soon.

I've got to ask a probably dumb question...how is this better then geli
encrypted objects? I've used them for sometime with excellent results.

Or does it provide functionality that geli does not?
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751