Darren J Moffat wrote:
One other area where is is useful is when you are in a jurisdiction
where a court order may require you to produce your encryption keys -
yes such jurisdictions exist and I don't want to debate the "human
rights" angle or social engineering aspects of this just state that it
exists.
I think in these cases you want plausable deniability where different
encryption keys produce different view of the disk, none of which
give away that there are any other correct views of the data.
If it is possible to destroy a small piece of the ZFS meta data (key
material) and that makes it thereafter impossible to encrypt data,
sure, but otherwise, bleaching is probably going to take a bit too
long once you hear the knock on the door...
For such environments you may not want to use encryption, because you
could be forced to give up your key, or even if you are you want a
background method of destroying the cipher text without doing full
disk destruction.
Think of court cases between companies rather than criminal activity.
For corporations there are different requirements, for examples laws
that regulate data retention. Not only this but you also need to make
sure that the data you want to make "unavailable" never got backed
up or that those backups get wiped...
Darren
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
