UNIX admin wrote:
Depends on your definition of soon when it comes to
the crypto
support. There is no funded and agreed on roadmap
yet even though
the project exists in opensolaris.org land.
If there is one essential feature that ZFS currently lacks, I believe that
feature would be encryption.
Adding crypto to ZFS isn't that hard once we have IEEE 1619 mode
(AES LRW) implemented in the crypto framework aes module(s).
Dealing with the key management is very hard because thats the critical
bit to making it both usable and secure.
Note that ZFS has been designed with encryption in mind from way
before the first ZFS bits ever integrated into ONNV (and thus
OpenSolaris). There are "reserved" areas in all of the relevant
on disk structures for this.
ZFS with crypto support will be able to be added to an existing
system once it is released. Initially though only new file systems
will be able to benefit from crypto (unlike changing the compression
algorithm).
--
Darren J Moffat
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
