>>>>> "zu" == zfs user <zf...@itsbeen.sent.com> writes: >>>>> "djm" == Darren J Moffat <darr...@opensolaris.org> writes:
zu> Ugh, we all know that the first rule of crytpo is that any
zu> proprietary, closed source, "black-box" crypto is crap, blah,
zu> blah, blah (I am not sure what the point of repeating that
zu> tired line is) and I am not one to give Oracle an inch but
zu> wtf? They just released this crap, give them a minute
My educated guess would be that the other encrypted systems released
papers about the algorithm either concurrently with the
implementation, or sometimes BEFORE the implementation, but not after.
It's just silly to think geli or dmcrypt would expect anyone to use
them without explaining the algorithm and exposing it to review.
Also, Darren has been working on this for THREE YEARS, and he
committed it just weeks after the ``opensolaris now closed''
announcement and hg pushing stopped. so, any time in the last three
years would have been a better and more reasonable time to release a
paper than tomorrow, after the binary proprietary release of the
implementation has happened. This would eliminate the need for my
objection as well as give the crypto community time to advise Darren's
design, which is something I'm surprised he didn't want as much of as
possible, but so be it: he's the one doing the work, and good for him,
and since based on hints he's dropped I suspect the work is quite
good, I'm more interested in reviewing the work that's there than
whinging about preciesly how it was done or how long it took or when I
can get it. For all that, I'll gladly wait.
I just think firstly that the design needs review before trust, and
secondly that it's starkly enough against best practice to be
borderline irresponsible to release the work at all without subjecting
the design to peer review.
zu> anything we have seen so far from Oracle shows us is that they
zu> are slow to move with external communication about Solaris.
yeah, well. what happened after you ``waited'' last time?
When people like me were saying ``not all of opensolaris is free
software. In fact the free component is shockingly small, albeit an
important component,'' and ``the full development cycle from hg to
livecd needs to be freed, like it is on *BSD (build.sh) and RHEL
(CentOS), so that the project can be forked if, god forbid, it needs
to be---forking is bad, but forkability is a key component of
freedom,'' and ``it is a problem that the toolchain is proprietary'',
people like you said ``just give them time.'' I think we actually did
quietly get a few big chunks liberated just by waiting, but still, in
the end, you gave them too much time: openindiana and illumos are now
struggling to solve parts of these problems without certainty of
success, are rushed because Nexenta's business depends on them, and
people who have invested in the platform thinking its freedom gave it
a stable future are now sitting on many terabytes of locked-in data
and many man-hours of doomed scriptage. While the disaster is
certainly not complete and some gradual-transition outcomes remain
possible, your ``give them time'' advice is basically dead wrong,
according to history. How can you say that now? I don't get it.
Finally, there's a problem with the style of argument. Not everything
on a mailing list is ``$ENTITY sucks/rules.'' I'm allowed to say
something critical without implicitly saying ``everything Oracle does
and everything they touch is wrong and evil and should be burned with
torches.'' I don't really care about Oracle at all. What I said was
much more specific, and there's no cause to wait before saying ``I
will not take zfs crypto seriously so long as it's a black box.'' The
right time to say that is NOW.
so, no, I disagree: do not give them time. Wait for the paper, or
more likely for the actual source, before using ZFS crypto. That is
what you should do with your Time.
djm> It is a work in progress.
Fine, and good. I thought it might be.
In the unlikely event there was any impediment to your writing, and
releasing, the paper, hopefully my complaining will be one among many
things that helps remove it. Really, it is just mandatory.
pgpogmN8mbJjZ.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
