| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Jul 2008 12:07:21 +0900 (JST)
From: YOSHIFUJI Hideaki / 吉藤英明
<yoshfuji@...ux-ipv6.org>
To: agl@...erialviolet.org
Cc: netdev@...r.kernel.org, yoshfuji@...ux-ipv6.org
Subject: Re: [RFC 2/2] TCP: Add TCP-AO support
In article <396556a20807181922t32c05b86l335de10bd1106ab2@...l.gmail.com> (at Fri, 18 Jul 2008 19:22:35 -0700), "Adam Langley" <agl@...erialviolet.org> says:
> On Fri, Jul 18, 2008 at 6:28 PM, YOSHIFUJI Hideaki / 吉藤英明
> <yoshfuji@...ux-ipv6.org> wrote:
> > Again, is it okay to add/del one key per each operation?
>
> Yes, I believe so. (At least I can't think of a situation where it isn't)
>
> > If yes, we do not need to change current API too much.
>
> I think, if we're only supporting two keys, the API in the patch (save
> making the flags wider etc) is good.
>
> If the concenous is that we need to support > 2 keys per address, then
> I'll have a think.
If we can do incremental approach, even if we suppor upto 2 keys,
I'd suggest something like this:
struct tcp_auth {
struct sockaddr_storage tcpa_addr;
__u8 tcpa_keyid
__u8 tcpa_algo;
__u16 tcpa_keylen;
__u32 tcpa_flags;
__u8 tcpa_key[TCP_AUTHOPT_MAXKEYLEN];
};
(I think you can get my idea, anyway.)
And it would be better to have another option such as TCP_AUTHOPT or such
for property for all keys.
--yoshfuji
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists