Encryption is closer to being integrated into illumos than some may think - https://github.com/openzfs/openzfs/pull/124. Thank Jorgen Lundman for the port.
We need reviewers, especially those with a security background to take a look at the port. -Alek On Wed, Oct 25, 2017 at 8:13 AM Guenther Alka <[email protected]> wrote: > hello Al > > I know lofi and have even implemented management of lofi encrypted pools > in napp-it. But lofi is not a competitive solution to BSD or Linux disk > encryption for file server use (Lofi is very good to backup a smaller > amount of encrypted data to unsecure places) and by far not competitive > to native Solaris encryption with encryption as a filesystem property > where each filesystem can have its own key. > > As I know that Datto has implemented native ZFS encryption with supposed > requests from all Open-ZFS platforms as a superiour solution, I hope > that this will merge into Illumos soon, see > > > https://www.datto.com/blog/zfs-encryption-will-hopefully-come-to-the-openzfs-community > https://zfs.datto.com/slides/caputi.pdf > > The new EU law with fines up to 10 Mio Euro or 2 % of a worldwide volume > of sales even on smaller infringements or 20 Mio Euro or 4% of a > worldwide volume of sales for grave ones may require to force all > efforts to implement technical precautionary measures for a state of the > art data security. > > I expect a massive wave of adhortatory letters next year.... > > Gea > @napp-it.org > > > Am 25.10.2017 um 13:35 schrieb Al Slater: > > Hi Guenther, > > > > On 24/10/17 11:45, Guenther Alka wrote: > >> Currently Illumos lacks this feature so it may be that this is a > >> criteria that rules out Illumos based systems in various use cases in > >> favour of Solaris or BSD/ZoL solutions with disk based encryption. > > Illumos does have methods for disk encryption, just not ZFS native yet. > > > > See > > https://blogs.oracle.com/darren/encrypting-zfs-pools-using-lofi-crypto > > on how to encrypt ZFS volumes > > > >> What is the state of native ZFS encryption in Illumos - derived from > >> Datto/ZoL as encryption moves from a nice to have to an absolutely > >> mandatory feature then? ------------------------------------------ illumos-discuss Archives: https://illumos.topicbox.com/groups/discuss/discussions/Tc490ebf4eeea4b13-Me1c494f6035e01c0c0e27793 Powered by Topicbox: https://topicbox.com
