Let's assume I build a storage system where each user gets his/her own encrypted filesystem on top of a ZFS pool. Would deduplication on pool-level still work when each fs is encrypted?
What encryption options do I have or which should be favoured? Is anyone using such a setup, where the userspace is opaque to the sys-admin?
If the user's file systems are built by cloning a template one, you'll have deduplication and encryption working fine together unless you change the file system keys.
If the file systems have no relationship outside being in the same pool, the keys used will be different so the same data will create non deduplicable encrypted blocks.
See this blog for details.