Bill Sommerfeld wrote:
> On Fri, 2006-07-14 at 07:03, Darren J Moffat wrote:
>> The current plan is that encryption must be turned on when the file system is created and can't be turned on later. This means that the zfs-crypto work depends on the RFE to set properties at file system creation time.
>>
>> You also won't be able to turn crypto off for a given filesystem later (because you won't know when all the data is back in the clear again and you can safely destroy the key).
>
> So, I'd think that, in the fullness of time, you'd want some sort of
> mechanism for graceful key roll-over -- i.e., you'd set a new key,
> migrate existing data encrypted using the old key to the new key, then
> forget the old key; the whole point of keyed cryptography is that the
> key is kept both small (so it can more easily remain secret) AND
> changeable.

One way, and the initial way we will deal with this, is to have the key change be done on the "master" wrapping key not on the actual per data set encryption keys.

One of the goals of the ZFS crypto project is to support multiple different key management strategies with the same on disk capabilities.

Key roll over is on the agenda for a later phase, as is key expiry (manual and time based).

--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
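
The reply above describes changing the "master" wrapping key instead of the per-dataset encryption keys. The Go example below is added here to illustrate that scheme and is not code from the thread or from the ZFS crypto project; the use of AES-256-GCM for wrapping, the names `Seal`, `Open` and `Rewrap`, and the sample keys are all assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func gcm(key []byte) cipher.AEAD { // AES-GCM; key must be 16, 24 or 32 bytes
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for AES's 16-byte block
	return g
}

func Seal(key, pt []byte) []byte { // encrypts pt, prepends the random nonce
	g := gcm(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return g.Seal(nonce, nonce, pt, nil)
}

func Open(key, blob []byte) ([]byte, error) { // fails on wrong key or tampering
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("blob too short: %d bytes", len(blob))
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// Rewrap changes the master key; only the small wrapped data key is rewritten.
func Rewrap(oldMaster, newMaster, wrapped []byte) ([]byte, error) {
	dek, err := Open(oldMaster, wrapped)
	if err != nil {
		return nil, err
	}
	return Seal(newMaster, dek), nil
}

func main() { // constructed sample keys; a real system would use random ones
	oldM, newM := []byte("old-master-key-constructed-32-b!"), []byte("new-master-key-constructed-32-b!")
	dek := []byte("data-key-constructed-sample-32b!")
	data := Seal(dek, []byte("file block")) // bulk ciphertext, untouched by Rewrap
	wrapped, err := Rewrap(oldM, newM, Seal(oldM, dek))
	fmt.Printf("rewrote %d-byte key slot, left %d data bytes alone, err=%v\n", len(wrapped), len(data), err)
}
```

Because the data key itself is unchanged, this rewrites the wrapped key only; it is not the data-level roll-over (re-encrypting existing data under a new key) raised earlier in the thread.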
