Joseph Mocker wrote:
Jeff Victor wrote:
And if that file system is multiple terrabytes would you be okay
with there being a read and write lock while this runs ?
I am only guessing, but when encryption is "important enough" the
answer is "yes." But the next question is then "is this situation
common enough to justify the effort."
If it is "important enough" wouldn't you want the data to start out
encrypted ?
:-)
Requirements for the security of data storage can change over time.
Both for increasing it and decreasing it.
On the other hand, if you are migrating your data from a plain
datastore to an encrypted datastore, how much do you trust the plain
datastore in the first place?
It's often not about trusting the unencrypted data but preventing access
to it - the classic example of this being important is the "stolen laptop".
The upgrading of Solaris on a laptop (bfu, etc) is a good case in point
for wanting to be able to migrate a data set from unencrypted to
encrypted, either all at once or progressively:
- ZFS pool that is strictly data
- upgrade/install the OS
- import the ZFS pool into a ZFS that supports encryption
now how do I get my data encrypted?
Darren
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
