>>>>> "zu" == zfs user <zf...@itsbeen.sent.com> writes: >>>>> "djm" == Darren J Moffat <darr...@opensolaris.org> writes:
zu> Ugh, we all know that the first rule of crytpo is that any zu> proprietary, closed source, "black-box" crypto is crap, blah, zu> blah, blah (I am not sure what the point of repeating that zu> tired line is) and I am not one to give Oracle an inch but zu> wtf? They just released this crap, give them a minute My educated guess would be that the other encrypted systems released papers about the algorithm either concurrently with the implementation, or sometimes BEFORE the implementation, but not after. It's just silly to think geli or dmcrypt would expect anyone to use them without explaining the algorithm and exposing it to review. Also, Darren has been working on this for THREE YEARS, and he committed it just weeks after the ``opensolaris now closed'' announcement and hg pushing stopped. so, any time in the last three years would have been a better and more reasonable time to release a paper than tomorrow, after the binary proprietary release of the implementation has happened. This would eliminate the need for my objection as well as give the crypto community time to advise Darren's design, which is something I'm surprised he didn't want as much of as possible, but so be it: he's the one doing the work, and good for him, and since based on hints he's dropped I suspect the work is quite good, I'm more interested in reviewing the work that's there than whinging about preciesly how it was done or how long it took or when I can get it. For all that, I'll gladly wait. I just think firstly that the design needs review before trust, and secondly that it's starkly enough against best practice to be borderline irresponsible to release the work at all without subjecting the design to peer review. zu> anything we have seen so far from Oracle shows us is that they zu> are slow to move with external communication about Solaris. yeah, well. what happened after you ``waited'' last time? When people like me were saying ``not all of opensolaris is free software. In fact the free component is shockingly small, albeit an important component,'' and ``the full development cycle from hg to livecd needs to be freed, like it is on *BSD (build.sh) and RHEL (CentOS), so that the project can be forked if, god forbid, it needs to be---forking is bad, but forkability is a key component of freedom,'' and ``it is a problem that the toolchain is proprietary'', people like you said ``just give them time.'' I think we actually did quietly get a few big chunks liberated just by waiting, but still, in the end, you gave them too much time: openindiana and illumos are now struggling to solve parts of these problems without certainty of success, are rushed because Nexenta's business depends on them, and people who have invested in the platform thinking its freedom gave it a stable future are now sitting on many terabytes of locked-in data and many man-hours of doomed scriptage. While the disaster is certainly not complete and some gradual-transition outcomes remain possible, your ``give them time'' advice is basically dead wrong, according to history. How can you say that now? I don't get it. Finally, there's a problem with the style of argument. Not everything on a mailing list is ``$ENTITY sucks/rules.'' I'm allowed to say something critical without implicitly saying ``everything Oracle does and everything they touch is wrong and evil and should be burned with torches.'' I don't really care about Oracle at all. What I said was much more specific, and there's no cause to wait before saying ``I will not take zfs crypto seriously so long as it's a black box.'' The right time to say that is NOW. so, no, I disagree: do not give them time. Wait for the paper, or more likely for the actual source, before using ZFS crypto. That is what you should do with your Time. djm> It is a work in progress. Fine, and good. I thought it might be. In the unlikely event there was any impediment to your writing, and releasing, the paper, hopefully my complaining will be one among many things that helps remove it. Really, it is just mandatory.
pgpogmN8mbJjZ.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss