Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 15 May 2016 11:45:42 +0100
From:      "Niall Douglas" <s_sourceforge@nedprod.com>
To:        "freebsd-fs@FreeBSD.org" <freebsd-fs@freebsd.org>
Subject:   Re: State of native encryption in ZFS
Message-ID:  <57385356.4525.E728971@s_sourceforge.nedprod.com>
In-Reply-To: <CAHM0Q_PGvBRbUFOhmin4RKaDKRTRJyjieuaZ5_tjPerK4eRz=w@mail.gmail.com>
References:  <5736E7B4.1000409@gmail.com>, <57378707.19425.B54772B@s_sourceforge.nedprod.com>, <CAHM0Q_PGvBRbUFOhmin4RKaDKRTRJyjieuaZ5_tjPerK4eRz=w@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
--SMime-=-=-Boundary-=-=-99E31796
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: Quoted-printable
Content-Description: Mail message body

On 14 May 2016 at 16:09, K. Macy wrote:

> >> It=E2=80=99s not even clear ho=
w that encryption would be implemented or exposed.
> >>  Per pool?  Per dat=
aset?  Per folder?  Per file?  There have been
> >> requests for all of the=
 above at one time or another, and the key
> >> management challenges for e=
ach are different.  They can also be
> >> implemented at a layer above ZFS,=
 given sufficient interest.
> >
> > If FreeBSD had a bigger PATH_MAX then st=
ackable encryptions layers
> > like ecryptfs (encfs?) would be viable choic=
es. Because encrypted
> > path components are so long, one runs very rapidl=
y into the maximum
> > path on the system when PATH_MAX is so low.
> >
> > I =
ended up actually installing ZFS on Linux with ecryptfs on top to
> > solve=
 this. Every 15 minutes it ZFS snapshot syncs with the FreeBSD
> > edition.=
 This works very well, apart from the poor performance of ZFS
> > on Linux.
=
> >
> > ZFS handles long paths with ease. FreeBSD currently does not :(
> 
> =
AFAICT that's a 1 line patch. Have you tried patching that and
> rebuilding=
 kernel, world, and any vulnerable ports?

The problem is apparently kernel =
structure bloat and that they want 
to remove fixed maximum paths altogethe=
r so it would be boot 
modifiable.

http://freebsd.1045724.n5.nabble.com/misc=
-184340-PATH-MAX-not-interope
rable-with-Linux-td5864469.html

As laudable as=
 the latter goal is, unfortunately OS X and Linux hard 
code theirs, and mu=
ch POSIX software will use whatever PATH_MAX is 
set to. I'm therefore not =
sure the implementation cost is worth it.

In any case, a 1024 byte path lim=
it is just 256 unicode characters 
potentially. That's worse than Windows 9=
5 :(

Niall

-- 
ned Productions Limited Consulting
http://www.nedproductions.bi=
z/ 
http://ie.linkedin.com/in/nialldouglas/



--SMime-=-=-Boundary-=-=-99E31796
Content-Type: application/x-pkcs7-signature; name=SMime.p7s
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=SMime.p7s

MIIY1AYJKoZIhvcNAQcCoIIYxTCCGMECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
DQEHAaCCFYIwggY0MIIEHKADAgECAgEgMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNV
BAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1cmUg
RGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMSkwJwYDVQQDEyBTdGFydENvbSBD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNzEwMjQyMTAyNTVaFw0xNzEwMjQy
MTAyNTVaMIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEr
MCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYG
A1UEAxMvU3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGll
bnQgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKIVFnAEs+xny
q6UzjCqgDcvQVe1dIoFnRsQPCFO+y92k8RK0Pn3MbQ2Gd+mehh9GBZ+36uUQA7Xj
9AGM6wgPhEE34vKtfpAN5tJ8LcFxveDObCKrL7O5UT9WsnAZHv7OYPYSR68mdmnE
nJ83M4wQgKO19b+Rt8sPDAz9ptkQsntCn4GeJzg3q2SVc4QJTg/WHo7wF2ah5LMO
eh8xJVSKGEmd6uPkSbj113yKMm8vmNptRPmM1+YgmVwcdOYJOjCgFtb2sOP79jji
8uhWR91xx7TpM1K3hv/wrBZwffrmmEpUeuXHRs07JqCCvFh9coKF4UQZvfEg+x3/
69xRCzb1AgMBAAGjggGtMIIBqTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBBjAdBgNVHQ4EFgQUrlWDb+wxyrn3HfqvazHzyB3jrLswHwYDVR0jBBgwFoAU
TgvvGqRAW6UXaYcwyjRoQ9BBrvIwZgYIKwYBBQUHAQEEWjBYMCcGCCsGAQUFBzAB
hhtodHRwOi8vb2NzcC5zdGFydHNzbC5jb20vY2EwLQYIKwYBBQUHMAKGIWh0dHA6
Ly93d3cuc3RhcnRzc2wuY29tL3Nmc2NhLmNydDBbBgNVHR8EVDBSMCegJaAjhiFo
dHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9zZnNjYS5jcmwwJ6AloCOGIWh0dHA6Ly9j
cmwuc3RhcnRzc2wuY29tL3Nmc2NhLmNybDCBgAYDVR0gBHkwdzB1BgsrBgEEAYG1
NwECATBmMC4GCCsGAQUFBwIBFiJodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9wb2xp
Y3kucGRmMDQGCCsGAQUFBwIBFihodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS9pbnRl
cm1lZGlhdGUucGRmMA0GCSqGSIb3DQEBBQUAA4ICAQA6qScNyNO0FpHvaZTQacVM
XH33O51KyEKSRw3IvdQxRu31YR0ZDGdSfgSoOVDVMSBSdmfQfdDInHPzV3LO5DwU
XZ+lxjv7z3PO2OkfnFkvTXPfn6dxJ5rJveDsTsCPcJ/Kp6/+qN5g+J6D/SaYcFD0
18B6L42r0Z4VEBy36P4tjRtF14Ex10tl5tJFVKM16qWKQHbpjIgf73s49UB0CQ5l
HT2DHKfq3oPfdNc5Mk93w1v4ryVb+qVrZIej8NsrWU+5r4O2IV91edDb/OtHFddZ
qHFFXKgS79IHE/hwQ2LW7r3sTX7cDUCg+dfdwO8zeLxuwk2JF8crUoyrl66RGrRI
hT8VoG/OJ1Y9uUlOav69V4cG8upi4ZG2l7JZFbcBFk91Wp+Payo5SuF61CmGFrZ3
86umkmpObtFacXda2O/bVoQ9xHQrzoTc/0KZTWvlZCLK3Ke/vGYT9ZdW9lOjGsSF
bXrlTA919L84iMK+48WGnvRWY28ZaVHpql43AtEGhXze6iNCbEDACy+4hkQYOytA
qDgcxAnQ937mYpeZFPyz/XK9QSt9VNFMuudWxZwDDDJKoQAoSG59Hou9lZ26UrK6
0nRdAQBmEPL8h2nuWgoPh++XVQld9yuhbsWa39Pck8/lcfz5HUVGJF5mc/zk38iV
7FDlF68puiryNq2KXHEpOTCCB3kwggZhoAMCAQICAk++MA0GCSqGSIb3DQEBBQUA
MIGMMQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UE
CxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzE4MDYGA1UEAxMv
U3RhcnRDb20gQ2xhc3MgMiBQcmltYXJ5IEludGVybWVkaWF0ZSBDbGllbnQgQ0Ew
HhcNMTQwNzE5MDUyOTU4WhcNMTYwNzE4MjE1NTM5WjCBjjEZMBcGA1UEDRMQNjlS
SUc0ajZNN2ZpNTRURDELMAkGA1UEBhMCSUUxDTALBgNVBAgTBENvcmsxEzARBgNV
BAcTCktlcnJ5IFBpa2UxFjAUBgNVBAMTDU5pYWxsIERvdWdsYXMxKDAmBgkqhkiG
9w0BCQEWGXNfc291cmNlZm9yZ2VAbmVkcHJvZC5jb20wggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQC0mleHTofGvJXwH9xAr0+IU5dTotN0BOF1W/vhVoOT
bvD0bxesFkPuemSopttKgc94p8FCgEqymbldJrki1cBsc73gODT4XHEigPktcSaF
a2jUxkRmL3gfnhEyQ2d7P+ujJCQcur+Ug1xcJjbpQ8eq1dPI6mznITdARqENYqA6
vhH/VNg2n80ksE5HiA1xx2Trd6synZplenahybHkf1pSlyTS9bKeuKi1awIkF/1w
QxsckB+ZBHdgPxT/RdFqE7aPF5+VSvbP2wEyieOCWDMCRG4mpsa0Ow54Ytdvf7za
6iGn8VWHwe8E85QpYzfp5RUGsScdo2vcpccLrGDMUDV3AZrcOWmE1r9oAvb3b0o1
4VY+ZE052arIPDpxYUOtpw2/rlxOGrdB1MemXuv2CQx2J2w0p6iOTeISB7xWtIi+
ZuCB5db62NnEh3txKvqDHCX8SYK6qE4PSrnHtb+ziCrYLkQ28lCWUPuwoamstLu0
B8ngNXEoOYuv8ADXc/OufLDrlPt7O0p0QvkEqIexBHCbjiohqFxqvxNxzYo20g5u
A3eMymI2F2XOYz/m+muqFYbfy+/2KXrsgjM8oZ5eUqeZES8zY91VH+Ps9ryo/jv/
un6f0FfwzAjO/PkizTxLc5NS138mNBGk/NpWYHCRiTb0A7WiXn2SnpUiGi+IWFyu
uQIDAQABo4IC3zCCAtswCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYw
FAYIKwYBBQUHAwIGCCsGAQUFBwMEMB0GA1UdDgQWBBRpgKYvPXl8EYUnJmSNpjoT
f/OpKjAfBgNVHSMEGDAWgBSuVYNv7DHKufcd+q9rMfPIHeOsuzAkBgNVHREEHTAb
gRlzX3NvdXJjZWZvcmdlQG5lZHByb2QuY29tMIIBTAYDVR0gBIIBQzCCAT8wggE7
BgsrBgEEAYG1NwECAzCCASowLgYIKwYBBQUHAgEWImh0dHA6Ly93d3cuc3RhcnRz
c2wuY29tL3BvbGljeS5wZGYwgfcGCCsGAQUFBwICMIHqMCcWIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MAMCAQEagb5UaGlzIGNlcnRpZmljYXRlIHdh
cyBpc3N1ZWQgYWNjb3JkaW5nIHRvIHRoZSBDbGFzcyAyIFZhbGlkYXRpb24gcmVx
dWlyZW1lbnRzIG9mIHRoZSBTdGFydENvbSBDQSBwb2xpY3ksIHJlbGlhbmNlIG9u
bHkgZm9yIHRoZSBpbnRlbmRlZCBwdXJwb3NlIGluIGNvbXBsaWFuY2Ugb2YgdGhl
IHJlbHlpbmcgcGFydHkgb2JsaWdhdGlvbnMuMDYGA1UdHwQvMC0wK6ApoCeGJWh0
dHA6Ly9jcmwuc3RhcnRzc2wuY29tL2NydHUyLWNybC5jcmwwgY4GCCsGAQUFBwEB
BIGBMH8wOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLnN0YXJ0c3NsLmNvbS9zdWIv
Y2xhc3MyL2NsaWVudC9jYTBCBggrBgEFBQcwAoY2aHR0cDovL2FpYS5zdGFydHNz
bC5jb20vY2VydHMvc3ViLmNsYXNzMi5jbGllbnQuY2EuY3J0MCMGA1UdEgQcMBqG
GGh0dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEAhR1+
CDw7mNmPZUiu/pEteirAI75LpBVUhwuzuU9xfglwFfhAaNX9z95wP3qMphThpIWr
kLR4KkMEgHvJTTJ/3KVq0rnNEt2V3605SZDPPlVnt7MMBOlNN8aeClRP62W/GOXa
RBfO/w7k8yheUnD8OYtU51rFopIamQkRFXcqdZ0V1rUG0GLiPD1CuRevKop7ebcT
YzVFcO0aHFnW2qtn/4OX7W1gQka0pi9zUNXilqXApNjjWIenOtb44KXBFxEqJ7i/
EozUxRExWu7mov+geijuVVYxOT7N7zoQ9aWTJQVn6vNdGqmqZ5XcKtVXHLLFefhh
yTBqa0d2jJ4exZYC5TCCB8kwggWxoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwfTEL
MAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0ZC4xKzApBgNVBAsTIlNl
Y3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxKTAnBgNVBAMTIFN0YXJ0
Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MDkxNzE5NDYzNloXDTM2
MDkxNzE5NDYzNlowfTELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0
ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcx
KTAnBgNVBAMTIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwYjbCbxsRnx4n5V7tTOQ8nJi1sE2
ICIkXs7pd/JDCqIGZKTMjjb4OOYj8G5tsTzdcqOFHKHTPbQzK9Mvr/7qsEFZZ7bE
Bn0KnnSF1nlMgDd63zkFUln39BtGQ6TShYXSw3HzdWI0uiyKfx6P7u000BHHls1S
Pboz1t1N3gs7SkufwiYv+rUWHHI1d8o8XebK4SaLGjZ2XAHbdBQl/u21oIgP3XjK
LR8HlzABLXJ5+kbWEyqouaarg0kd5fLv3eQBjhgKj2NTFoViqQ4ZOsy1ZqbCa3QH
5Cvhdj60bdj2ROFzYh87xL6gU1YlbFEJ96qryr92/W2b853bvz1mvAxWqq+YSJU6
S9+nWFDZOHWpW+pDDAL/mevobE1wWyllnN2qXcyvATHsDOvSjejqnHvmbvcnZgwa
SNduQuM/3iE+e+ENcPtjqqhsGlS0XCV6yaLJixamuyx+F14FTVhuEh0B7hIQDcYy
fxj//PT6zW6R6DZJvhpIaYvClk0aErJpF8EKkNb6eSJIv7p7afhwx/p6N9jYDdJ2
T1f/kLfjkdLd78Jgt2c63f6qnPDUi39yIs7Gn5e2+K+KoBCo2fsYxra1XFI8ibYZ
KnMBCg8DsxJg8novgdujbv8mMJf1i92JV7atPbOvK8W3dgLwpdYrmoYUKnL24zOM
XQlLE9+7jHQTUksCAwEAAaOCAlIwggJOMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
AgGuMB0GA1UdDgQWBBROC+8apEBbpRdphzDKNGhD0EGu8jBkBgNVHR8EXTBbMCyg
KqAohiZodHRwOi8vY2VydC5zdGFydGNvbS5vcmcvc2ZzY2EtY3JsLmNybDAroCmg
J4YlaHR0cDovL2NybC5zdGFydGNvbS5vcmcvc2ZzY2EtY3JsLmNybDCCAV0GA1Ud
IASCAVQwggFQMIIBTAYLKwYBBAGBtTcBAQEwggE7MC8GCCsGAQUFBwIBFiNodHRw
Oi8vY2VydC5zdGFydGNvbS5vcmcvcG9saWN5LnBkZjA1BggrBgEFBQcCARYpaHR0
cDovL2NlcnQuc3RhcnRjb20ub3JnL2ludGVybWVkaWF0ZS5wZGYwgdAGCCsGAQUF
BwICMIHDMCcWIFN0YXJ0IENvbW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEa
gZdMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0aGUgc2VjdGlvbiAqTGVnYWwgTGlt
aXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9w
b2xpY3kucGRmMBEGCWCGSAGG+EIBAQQEAwIABzA4BglghkgBhvhCAQ0EKxYpU3Rh
cnRDb20gRnJlZSBTU0wgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwDQYJKoZIhvcN
AQEFBQADggIBABZsmfRmDDT10IVefQrs2hBOOBxe36YlBUuRMsHoO/E93UQJWwdJ
iinLZgK3sZr3JZgJPI4b4d02hytLu2jTOWY9oCbH8jmRHVGrgnt+1c5a5OIDV3Bp
lwj5XlimCt+MBppFFhY4Cl5X9mLHegIF5rwetfKe9Kkpg/iyFONuKIdEw5Aa3jip
PKxDTWRFzt0oqVzyc3sE+Bfoq7HzLlxkbnMxOhK4vLMR5H2PgVGaO42J9E2TZns8
A+3Tmh2a82VQ9aDQdZ8vr/DqgkOY+GmciXnEQ45GcuNkNhKv9yUeOImQd37Da2q5
w8tES6x4kIvnxyweSxFEyDRSJ80KXZ+FwYnVGnjylRBTMt2AhGZ12bVoKPthLr6E
qDjAmRKGpR5nZK0GLi+pcIXHlg98iWX1jkNUDqvdpYA5lGDANMmWcCyjEvUfSHu9
HH5rt52Q9CI7rvj8Ksr6glKg769LVZPrwbXwIousNE4mIgShhyx1SrflfRPXuAxk
wDbSyS+GEowjCcEbgjtzSaNqV4eU5dZ4xZlDY+NN4Hct4WWZcmkEGkcJ5g8BViT7
H78OealYLrnECQF+lbptAAY+supKEDnY0Cv1v+x1v5cCxQkbCNxVN+KB+zeEQ2Ig
yudWS2Xq/mzBJJMkoTTrBf+aIq6bfT/xZVEKpjBqs/SIHIAN/HKK6INeMYIDGjCC
AxYCAQEwgZMwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQu
MSswKQYDVQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgw
NgYDVQQDEy9TdGFydENvbSBDbGFzcyAyIFByaW1hcnkgSW50ZXJtZWRpYXRlIENs
aWVudCBDQQICT74wCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0B
BwEwHAYJKoZIhvcNAQkFMQ8XDTE2MDUxNTEwNDU0MlowIwYJKoZIhvcNAQkEMRYE
FF7ls6ViN6WT1Qn+5+CYM95Mcl3FMA0GCSqGSIb3DQEBAQUABIICAJDX9JRCC6i+
lD17VA+YTwwMw4V5LXB7NnJNZ/TKFcd4Fn66+D34Jw5H4x79JYKUH1X8QhLF+tmJ
viLlOc6iotuZDgxWJe7H3RV3Tbh0YT7KLZgCpNS3DSW/ttPJnoWaAt5Twl7S0z8+
1IZvxHuYS1C0vybnJ+FR4GLpDwIFT6Tpn5vaR1Y+BzlSZhhnwets0GusTnD8eg2g
cR3A7sXeWcYQrbSBQ4djnBriXMqOGh4/iWdi1GEg25SZ0UTKZrSwTcBCO5yztmSF
/0KekHnqjcpAabpxtpopVeK3GAb9Kg4YqHPU2viF6wug7NTxyCO5oTTnd2DK3CVq
Y5zVe1Ycl4a1pa4NQ45RGefebBJlPO6jpvHFi7zY19bcgslqzGYMEfJM9paMlnYn
S+UbUPcwKV3WHyDy3iaJZ4P510KiYeNATbf/nUzYY6sjdI+PFKsHzWQ1Q83hIYb1
2dYg9n+SVYKFVq1QzArLvFJe2GLTyJXLTxWLb+wbSftZl6Q3IfqiJ5pw8ol/t3jY
6mffUm8a2gkQVEzcIACAyqVtu/WQXmpN7Q2JGd68zjna35nx7dbQ1oWvCP2e9ztd
e1BsbsE+TfZsB2NES7m8z5V+2GYXUfjnlzMP/qLD3OIhbZYifhj750aJWA6v9pUg
jG4ehQcsmznQf3B2080lZKB8bDyDxps7

--SMime-=-=-Boundary-=-=-99E31796--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57385356.4525.E728971>