Re: [PATCH v5 00/18] btrfs: add fscrypt integration

[Sweet Tea Dorminy <sweettea-kernel@dorminy.me>]

We had a very productive meeting and have greatly changed the design: we 
now plan to implement authenticated encryption, and have per-extent keys 
instead of per-extent nonces, which will greatly improve the 
cryptographic characteristics over this version. Many thanks for the 
discussion, both in the meeting and on the document.

The document has been updated to hopefully reflect the discussion we 
had; further comments are always appreciated. 
https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing 


I look forward to working on implementing the new design; thanks to all!

Sweet Tea

On 11/21/22 12:26, Sweet Tea Dorminy wrote:
> I appreciate the conversation happening on the doc; thank ya'll for 
> reading and commenting.
> 
> Would it be worth having a meeting on Zoom or the like this week to 
> discuss the way forward for getting encryption for btrfs, be that one of 
> the extent-based encryption variations or AEAD?
> 
> Thanks!
> 
> Sweet Tea
> 
> On 11/16/22 15:19, Sweet Tea Dorminy wrote:
>>
>>
>> On 11/3/22 15:22, Paul Crowley wrote:
>>> Thank you for creating this! I'm told the design document [1] no
>>> longer reflects the current proposal in these patches. If that's so I
>>> think it's worth bringing the design document up to date so we can
>>> review the cryptography. Thanks!
>>>
>>> [1] 
>>> https://docs.google.com/document/d/1iNnrqyZqJ2I5nfWKt7cd1T9xwU0iHhjhk9ALQW3XuII/edit
>>
>> I apologize for the delay; I realized when this thread was bumped just 
>> now that my attempt to share the updated doc didn't seem to make it to 
>> the mailing list.
>>
>> https://docs.google.com/document/d/1janjxewlewtVPqctkWOjSa7OhCgB8Gdx7iDaCDQQNZA/edit?usp=sharing is an update of the design document that hopefully is what you're requesting.