Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

view
thread

!MAILaRCHIVE_VOTE_RePLACE

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Adrian-Ken Rüegsegger <rueegsegger@...>

To: Martin Willi <martin@...>

Cc: <herbert@...>, <davem@...>, <linux-kernel@...>

Subject: Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec

Date: Thursday, June 5, 2008 - 10:58 am

Martin Willi wrote:
quoted text>> You could register a new SADB algorithm id in pfkeyv2.h and add a new
>> entry to the aalg_list analogous to how GCM is doing that in the aead_list.
>>
>> Adrian
> 
> We could do that, but SADB_X_AALG_SHA2_256HMAC (5) actually refers to
> 128 bit truncation. 96 bit truncation is a leftover of
> draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
> truncation in draft-ietf-ipsec-ciph-sha-256-01. 
> 
> draft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
> truncation for SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
> really obsolete. We could define a new PF_KEY algorithm for 96 bit
> truncation, but it is not really usable as it is not standardized.

I agree that 96bit truncation is obsolete and 128 bit should be used.
However people might be using the current implementation and this patch
could cause trouble for them. The question is if anybody really depends
on the current behavior.

Adrian
--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec, Martin Willi, (Thu Jun 5, 9:06 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:07 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Martin Willi, (Thu Jun 5, 10:45 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Adrian-Ken Rüegsegger, (Thu Jun 5, 10:58 am)

Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for..., Herbert Xu, (Fri Jun 6, 3:53 am)

Navigation

Popular discussions


linux-kernel:
Tarkan Erimer	Re: Dual-Licensing Linux Kernel with GPL V2 and GPL V3
Greg Kroah-Hartman	[PATCH 005/196] Chinese: add translation of SubmittingDrivers
Kamalesh Babulal	[BUILD-FAILURE] 2.6.26-rc8-mm1 - build failure at drivers/char/hvc_rtas.c
Luciano Rocha	usb hdd problems with 2.6.27.2
linux-netdev:
David Miller	Re: [PATCH] pkt_sched: Destroy gen estimators under rtnl_lock().
Arjan van de Ven	Re: [GIT]: Networking
Christoph Lameter	Network latency regressions from 2.6.22 to 2.6.29
Gerrit Renker	[PATCH 15/37] dccp: Set per-connection CCIDs via socket options
git:

openbsd-misc:

Colocation donated by: