Jeff Bonwick wrote: > There are all kinds of problems with this. It's not OK to grow the > amount of space used -- that'll break quotas, reservations, etc.
Okay so we can't us AES in CCM mode then. That means that the only option will be modes of AES that don't expand. For now that means we will have to use AES_CBC (which is fine because that is already working!). One possibility for using AES in CCM mode is to put the 16 byte MAC data "elsewhere" I'll look for some possibilities - one such possibility is using that as the checksum instead (but that will mean key material must be present to do a resilver/scrub). > We should really get together for a comprehensive design review. > When's the next time you're going to be in town? November 12th - 15th I'll be in MPK. -- Darren J Moffat
