That doesn’t make any sense.
You don’t.
Dataset inheritance only works within a pool itself. In this case, it’s just offering to inherit the destination dataset’s encryption from its parent (also on the destination pool).
Heh. I don’t use the GUI for ZFS replications. I’ve found it way too rigid and vague. This is one of those reasons. Your observations are correct.
To accomplish this in the command-line, you would indeed invoke the -w and -R / -p flags. No datasets are required to be unlocked. (Neither on the source or destination.) A raw stream is sent over, and the destination cannot access the data, since the encryptionroot will be in a “locked” state.
To accomplish this in the GUI, you have to ignore (leave unchecked) anything to do with encryption in the task’s configuration. As long as the source is encrypted, and you use “Full Filesystem Replication”, it will invoke the -w and -R flags under the hood. I highly recommend a passphrase instead of a keyfile if you’re using this method.