On 02/10/17 23:56, Theodore Ts'o wrote:
On Fri, Feb 10, 2017 at 11:21:17PM +0800, Anand Jain wrote:
IMO not all data center solutions would need file-name encryption,
its better to bring back the option to disable the file-name
encryption.
Why, because you trust the HDD firmware[1]?
[1] https://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/
- Ted
Hi Ted, Richard,
I think my any other reason for not having file-name encryption is
easily overridden by the reason that, if file-name encryption is not
optional now then, it would be a regression as because it was indeed
optional before, in EXT4.
Here its optional to an extent that, if Andorid finds file-name
encryption is mandatory protection to effectively secure the file-data
then, of course the file-name encryption can be enabled for their solutions.
I hope fs/crypto could provide such a flexibility.
Moreover the data center solutions has to worry about the compatibility
of the tools and applications which may or may not run with the uid of
the file-data.
Thanks, Anand
