On Wed, Dec 16, 2015 at 11:33 PM, Sage Weil wrote:
> On Wed, 16 Dec 2015, Adam Kupczyk wrote:
>> On Tue, Dec 15, 2015 at 3:23 PM, Lars Marowsky-Bree wrote:
>> > On 2015-12-14T14:17:08, Radoslaw Zarzynski wrote:
>> >
>> > Hi all,
>> >
>> > great to see this revived.
>> >
>> > However, I have come
On Wed, 16 Dec 2015, Adam Kupczyk wrote:
> On Tue, Dec 15, 2015 at 3:23 PM, Lars Marowsky-Bree wrote:
> > On 2015-12-14T14:17:08, Radoslaw Zarzynski wrote:
> >
> > Hi all,
> >
> > great to see this revived.
> >
> > However, I have come to see some concerns with handling the encryption
> > within
On Tue, Dec 15, 2015 at 3:23 PM, Lars Marowsky-Bree wrote:
> On 2015-12-14T14:17:08, Radoslaw Zarzynski wrote:
>
> Hi all,
>
> great to see this revived.
>
> However, I have come to see some concerns with handling the encryption
> within Ceph itself.
>
> The key part to any such approach is formu
On Tue, Dec 15, 2015 at 10:04 PM, Gregory Farnum wrote:
> On Tue, Dec 15, 2015 at 1:58 AM, Adam Kupczyk wrote:
>>
>>
>> On Mon, Dec 14, 2015 at 9:28 PM, Gregory Farnum wrote:
>>>
>>> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
>>> wrote:
>>> > Hello Folks,
>>> >
>>> > I would like to pu
On Tue, Dec 15, 2015 at 10:04 PM, Gregory Farnum wrote:
> On Tue, Dec 15, 2015 at 1:58 AM, Adam Kupczyk wrote:
>>
>>
>> On Mon, Dec 14, 2015 at 9:28 PM, Gregory Farnum wrote:
>>>
>>> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
>>> wrote:
>>> > Hello Folks,
>>> >
>>> > I would like to pu
On Mon, 2015-12-14 at 14:32 -0800, Gregory Farnum wrote:
> On Mon, Dec 14, 2015 at 2:02 PM, Martin Millnert
> wrote:
> > On Mon, 2015-12-14 at 12:28 -0800, Gregory Farnum wrote:
> > > On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
> >
> > > > In typical case ciphertext data transferred from
Hi,
Thanks for this detailed response.
- Original Message -
> From: "Lars Marowsky-Bree"
> To: "Ceph Development"
> Sent: Tuesday, December 15, 2015 9:23:04 AM
> Subject: Re: Improving Data-At-Rest encryption in Ceph
>
> It's not yet perfe
On Tue, Dec 15, 2015 at 1:58 AM, Adam Kupczyk wrote:
>
>
> On Mon, Dec 14, 2015 at 9:28 PM, Gregory Farnum wrote:
>>
>> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
>> wrote:
>> > Hello Folks,
>> >
>> > I would like to publish a proposal regarding improvements to Ceph
>> > data-at-rest en
On Mon, Dec 14, 2015 at 10:52 PM, Martin Millnert wrote:
> On Mon, 2015-12-14 at 14:17 +0100, Radoslaw Zarzynski wrote:
>> Hello Folks,
>>
>> I would like to publish a proposal regarding improvements to Ceph
>> data-at-rest encryption mechanism. Adam Kupczyk and I worked
>> on that in last weeks.
I agree with Lars's concerns: the main problems with the current dm-crypt
approach are that there isn't any key management integration yet and the
root volume and swap aren't encrypted. Those are easy to solve (and I'm
hoping we'll be able to address them in time for Jewel).
On the other hand,
On 2015-12-14T14:17:08, Radoslaw Zarzynski wrote:
Hi all,
great to see this revived.
However, I have come to see some concerns with handling the encryption
within Ceph itself.
The key part to any such approach is formulating the threat scenario.
For the use cases we have seen, the data-at-rest
On Mon, Dec 14, 2015 at 11:02 PM, Martin Millnert wrote:
> On Mon, 2015-12-14 at 12:28 -0800, Gregory Farnum wrote:
>> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
>
>> > In typical case ciphertext data transferred from OSD to OSD can be
>> > used without change. This is when both OSDs hav
On Mon, Dec 14, 2015 at 9:28 PM, Gregory Farnum wrote:
>
> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
> wrote:
> > Hello Folks,
> >
> > I would like to publish a proposal regarding improvements to Ceph
> > data-at-rest encryption mechanism. Adam Kupczyk and I worked
> > on that in last w
On Mon, Dec 14, 2015 at 2:02 PM, Martin Millnert wrote:
> On Mon, 2015-12-14 at 12:28 -0800, Gregory Farnum wrote:
>> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
>
>> > In typical case ciphertext data transferred from OSD to OSD can be
>> > used without change. This is when both OSDs have
On Mon, 2015-12-14 at 12:28 -0800, Gregory Farnum wrote:
> On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
> > In typical case ciphertext data transferred from OSD to OSD can be
> > used without change. This is when both OSDs have the same crypto key
> > version for given placement group. In r
On Mon, 2015-12-14 at 14:17 +0100, Radoslaw Zarzynski wrote:
> Hello Folks,
>
> I would like to publish a proposal regarding improvements to Ceph
> data-at-rest encryption mechanism. Adam Kupczyk and I worked
> on that in last weeks.
>
> Initially we considered several architectural approaches an
On Mon, Dec 14, 2015 at 5:17 AM, Radoslaw Zarzynski
wrote:
> Hello Folks,
>
> I would like to publish a proposal regarding improvements to Ceph
> data-at-rest encryption mechanism. Adam Kupczyk and I worked
> on that in last weeks.
>
> Initially we considered several architectural approaches and m
17 matches
Mail list logo
