Nicolas Williams wrote:
James makes a good argument that this scheme won't suffice for customers who need that level of assurance. I'm inclined to agree. For customers who don't need that level of assurance then encryption ought to suffice.
Has anyone other than me actually read the current NIST guidelines on this ? [ the url was in my original email message ].
The current NIST guidelines, or at least my reading of it, says that even if you are using encryption and even if you are going to do physical destruction you still need to do something like this.
So this is complementary to encrypting the data - not that we can't in ZFS encryption ALL ZFS metadata (we should be able to encrypt all the file system relevant meta data) at least thats my current belief based on my knowledge of ZFS.
Maybe doing this in ZFS isn't necessary and what we have with format(1M) purge/analyze is the correct user interface.
-- Darren J Moffat _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
