For ZFS crypto I want to be able to force (at data set create time) the
checksum property to have a value of sha256 (actually it might end up
being hmac-sha256 but thats not so relevant here) when the encryption
property is set to any of the 'on' values.
I would rather not have the user get the dataset into a situation where
they are using fletcher but have encryption on; if you are doing
encryption you really want to be using a cryptographically strong
checksum (as I said above it may end up being hmac-sha256 rather than
vanilla sha256).
The encryption property will (at least in the initial phase) will be
like the new properties being introduced for CIFS, that is they will be
able to be set at create time only and will be read-only after that.
Having a relationship between the encryption property and checksum one
means that we also need to make the checksum property read-only (at
least while there is only one cryptographically strong checksum choice).
Does this sound reasonable or a bad idea ?
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
