[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4847FF29.20500@swiss-it.ch>
Date: Thu, 05 Jun 2008 16:58:49 +0200
From: Adrian-Ken Rüegsegger
<rueegsegger@...ss-it.ch>
To: Martin Willi <martin@...ongswan.org>
CC: herbert@...dor.apana.org.au, davem@...emloft.net,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2.6.26rc5] xfrm: SHA-256/384/512 HMAC support for IPsec
Martin Willi wrote:
>> You could register a new SADB algorithm id in pfkeyv2.h and add a new
>> entry to the aalg_list analogous to how GCM is doing that in the aead_list.
>>
>> Adrian
>
> We could do that, but SADB_X_AALG_SHA2_256HMAC (5) actually refers to
> 128 bit truncation. 96 bit truncation is a leftover of
> draft-ietf-ipsec-ciph-sha-256-00 and has been replaced by 128 bit
> truncation in draft-ietf-ipsec-ciph-sha-256-01.
>
> draft-kelly-ipsec-ciph-sha2 and the resulting RFC4868 define 128 bit
> truncation for SADB_X_AALG_SHA2_256HMAC (5), so 96 bit truncation is
> really obsolete. We could define a new PF_KEY algorithm for 96 bit
> truncation, but it is not really usable as it is not standardized.
I agree that 96bit truncation is obsolete and 128 bit should be used.
However people might be using the current implementation and this patch
could cause trouble for them. The question is if anybody really depends
on the current behavior.
Adrian
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists