> I think he wants to avoid the *!!SEVERE!!* performance problems in
> loopback crypto. A crypto plugin directly to filesystems would certainly
> avoid most of it.
I'm currently in the situation where I need to mount an encrypted file
system over NFS (on a slow link), and the performance considerations
pretty much rule out the loop approach. (Currently I'm using CFS
because I found no other choice[1], but it is another loop approach -
stacking one NFS on top of another NFS - and that makes it painfully
slow too.)
The theoretically best solution is TCFS (www.tcfs.it), which builds
encryption into the NFS client alone, but it is not available for
anything newer than Linux 2.2.16.
Olaf
[1] Esp. if the requirement is that it can survive a kernel upgrade.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Apr 23 2001 - 21:00:41 EST