Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

To: Adrian-Ken <rueegsegger@...>
Cc: <herbert@...>, <davem@...>, <linux-kernel@...>
Date: Thursday, June 5, 2008 - 10:45 am

> You could register a new SADB algorithm id in pfkeyv2.h and add a new

We could do that, but SADB_X_AALG_SHA2_256HMAC (5) actually refers to
128 bit truncation. 96 bit truncation is a leftover of
draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
truncation in draft-ietf-ipsec-ciph-sha-256-01. 

draft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
truncation for SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
really obsolete. We could define a new PF_KEY algorithm for 96 bit
truncation, but it is not really usable as it is not standardized.

Martin
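
The following Python code is an added example, not part of the original message or of the patch under discussion. It shows why a peer using 96 bit truncation of HMAC-SHA-256 and a peer using the 128 bit truncation of RFC 4868 cannot verify each other's packets. The function names, the simplified payload-plus-ICV packet layout, and the sample key and data are assumptions made for illustration.

```python
import hashlib
import hmac

# ICV lengths in bytes for HMAC-SHA-256, as discussed in the message above.
ICV_LEN_RFC4868 = 16   # 128 bit truncation (RFC 4868)
ICV_LEN_DRAFT00 = 12   # 96 bit truncation (draft-ietf-ipsec-ciph-sha-256-00)


def icv(key: bytes, data: bytes, icv_len: int) -> bytes:
    """Return the leftmost icv_len bytes of HMAC-SHA-256(key, data)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:icv_len]


def protect(key: bytes, payload: bytes, icv_len: int) -> bytes:
    """Sender side: append the truncated ICV to the payload."""
    return payload + icv(key, payload, icv_len)


def verify(key: bytes, packet: bytes, icv_len: int) -> bool:
    """Receiver side: split off icv_len trailing bytes and check them."""
    if len(packet) < icv_len:
        return False
    payload, received = packet[:-icv_len], packet[-icv_len:]
    # Constant-time comparison of the received and recomputed ICV.
    return hmac.compare_digest(received, icv(key, payload, icv_len))


# Constructed sample input (same key and data as RFC 4231 test case 1).
# Hypothetical layout: real ESP packets carry more fields than payload + ICV.
KEY = b"\x0b" * 20
PAYLOAD = b"Hi There"

if __name__ == "__main__":
    for name, n in (("96 bit ", ICV_LEN_DRAFT00), ("128 bit", ICV_LEN_RFC4868)):
        print(name, "ICV:", icv(KEY, PAYLOAD, n).hex())
    pkt96 = protect(KEY, PAYLOAD, ICV_LEN_DRAFT00)
    pkt128 = protect(KEY, PAYLOAD, ICV_LEN_RFC4868)
    print("96 -> 128 receiver: ", verify(KEY, pkt96, ICV_LEN_RFC4868))
    print("128 -> 96 receiver: ", verify(KEY, pkt128, ICV_LEN_DRAFT00))
    print("128 -> 128 receiver:", verify(KEY, pkt128, ICV_LEN_RFC4868))
```

The 96 bit ICV is a prefix of the 128 bit one, but the receiver cuts the packet at the length it is configured for, so the payload boundary shifts and verification fails in both mixed directions.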




Messages in current thread:
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:07 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Martin Willi, (Thu Jun 5, 10:45 am)
Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:58 am)