Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

From: Herbert Xu
Date: Fri Jun 06 2008 - 03:54:12 EST

Next message: Stephen Rothwell: "Re: linux-next: Tree for June 5"
Previous message: Andrew Morton: "Re: linux-next: Tree for June 5"
In reply to: Adrian-Ken RÃegsegger: "Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 05, 2008 at 04:58:49PM +0200, Adrian-Ken Rüegsegger wrote:
>
> I agree that 96bit truncation is obsolete and 128 bit should be used.
> However people might be using the current implementation and this patch
> could cause trouble for them. The question is if anybody really depends
> on the current behavior.

I think the way we're currently representing the truncation length
is not ideal. We should move over to the way it's done for AEAD
algorithms, i.e., let user-space supply us with the truncation
length. That way the problem lies with them :) More importantly,
this would allows us to support multiple truncation lengths.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Rothwell: "Re: linux-next: Tree for June 5"
Previous message: Andrew Morton: "Re: linux-next: Tree for June 5"
In reply to: Adrian-Ken RÃegsegger: "Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]