On Thu, Sep 14, 2006 at 06:26:46PM -0500, Mike Gerdts wrote: > On 9/14/06, Chad Lewis <[EMAIL PROTECTED]> wrote: > >Better still would be the forthcoming cryptographic extensions in some > >kind of digital-signature mode. > > When I first saw extended attributes I thought that would be a great > place to store a digital signature of the file. I'm not saying that > it is up to ZFS to generate or manage the signature. > > The nice thing about it is that so long as the private key is secret, > the signature stays with the file as it is moved, taken to tape, other > file systems, etc. so long as the file manipulation mechanisms support > extended-attributes.
Hmm. Picture a magic attribute that returns a checksum of the file's contents and which recomputes this checksum only the first time it is read after the file has changed. Internally ZFS could invalidate this checksum whenever the file changes, then recompute and store the attribute when the attribute is next read. That sounds useful, but if read at unexpected times it would be observed as a slow down by users. I think I'd rather ZFS export a ZFS checksum (O(1)) instead (also as a magic attribute) and let auditing systems do any additional checksumming explicitly. Nico -- _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
