eric kustarz wrote: > On Sep 12, 2007, at 4:31 AM, Darren J Moffat wrote: > >> The DMU layer will determine which objects in be encrypted when being >> placed in a dataset that has the encryption property turned on. >> >> http://opensolaris.org/os/project/zfs-crypto/phase1/dmu_ot/ >> >> Which of these marked as FALSE can be and should be *TRUE* ? > > I'm wondering if the DMU_OT_SPA_HISTORY object should be encrypted to > "hide" (whatever the proper security word is) the command history.
No. The goal as I understand it is to protect data inside a dataset. Administrative policies (eg, dataset names, properties) are not protected by design. The history just exposes these policies via a different means. --matt
