From: Milan Broz
To: "dm-crypt@saout.de"
Date: Mon, 8 Feb 2016 22:51:25 +0100
Subject: Re: [dm-crypt] The future of disk encryption with LUKS2
Message-ID: <56B90DDD.1080107@gmail.com>
In-Reply-To: <56B20C05.7080307@gmail.com>

On 02/03/2016 03:17 PM, Milan Broz wrote:
>> Will any of the materials used in the presented posted online
>> somewhere for the rest of us to see?

Slides are here, but it is really just an overview talk
https://mbroz.fedorapeople.org/talks/DevConf2016/devconf2016-luks2.pdf

(The talk name was a kind of joke because the conference hashtag is #definefuture:)

TL;DR; we have to provide an extensible interface for different keyslot types.

[Just a note to the already crazy discussion here - there will be NO LUKS header
at the end of the device. Been there with another storage project and just no -
it is not worth the problems it causes.]

[And a second note - wiping of encrypted keyslot data is with current storage
devices impossible to do reliably.]

Anyway, the first goal here is to just redefine the current on-disk format to allow keyslot extensions.
All possible changes in algorithms can follow because it becomes "easily" configurable.

Milan

p.s.
There are also live stream recordings on YouTube. But better than watching our
LUKS2 overview talk, see the follow-up talk
"New Cryptography for Binding Data to Third Parties"
https://www.youtube.com/watch?v=Ixo8iOpQsNQ

(Note you need to switch camera in the stream; there are no official recording videos
yet, this is a recording of a live stream from multiple rooms.)

My intention with LUKS2 is to provide an interface for this but keep responsibility
for these protocols in separate projects.