james hughes wrote:
While ciphertext stealing has been discussed (technically), do we have consensus on how this will be used in the light of the T10 520 byte sector format?
This standard is about the transform itself, the usage is outside the scope in any case (except perhaps in some non-normative motivation sections). In terms of usage, the short answer is that "encryption and decryption will have to happen at the same logical layer". No doubt there will be cases where this constraint forces the encryption to cover only 512 bytes, and it is equally clear that there will be cases where this constraint still allows encryption of "odd-size" sectors.
I would hate to put this into the document and then have T10 say this is of no use to them because our assumptions were naive?
(a) I very (very very) much doubt that the capability of encrypting "odd size" sectors will be useless to them, and (b) T10 are not the only thing that exists in the world. I am pretty sure that in my company there are people that can use the capability of encrypting sectors of size 520 bytes (or 524 bytes, or whatever), regardless of T10. I expect that the same is true for other companies too. The point is that extending the transform to handle sectors of other sizes is just that - an extension. Anyone who could use the current spec will still be able to use the extended spec, but it is likely that the extension will open other usage possibilities. And I don't see that we have options that we need to choose from and could be influenced by what T10 can or cannot use: By now we all know how the spec will be extended. -- Shai