>The Ceph Object Gateway supports server-side encryption of uploaded objects, with 3 options for the management of encryption keys. Server-side encryption means that the data is sent over HTTP in its unencrypted form, and the Ceph Object Gateway stores that data in the Ceph Storage Cluster in encrypted form. It sounds like OSD to OSD traffic is unencrypted. 1) Does "stores data in the cluster in encrypted form" mean *only* if the --dmcrypt option is used? 2) Does that mean the zone to zone copy across a WAN is also unencrypted? -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
