lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 17 Jan 2008 08:18:24 -0500
From:	jamal <>
To:	Herbert Xu <>
Cc:	Timo Teräs <>,, David Miller <>
Subject: Re: [RFC][PATCH] Fixing SA/SP dumps on netlink/af_key

On Thu, 2008-17-01 at 23:50 +1100, Herbert Xu wrote:

> In fact it goes much further:
>    Support for the dump message MAY be discontinued in future versions
>    of PF_KEY.  Key management applications MUST NOT depend on this
>    message for basic operation.

No doubt PF_KEY being an RFC has caused a lot of damage. 
Once something is deployed, unfortunately, it grows a foot and sometimes
a head[1]. 
Note: it's a big dilema in my mind as well and i agree in principle with
both Dave and you (we really should not be helping pfkey grow another
ear on the forehead); the only way i am convincing myself otherwise is
to note that Racoon/ipsec-tools is out there, shipped as default ipsec
user management tools by most if not all linux distros. If we really
want to stop the beast lets cut out the umbilicall code - just take out
pfkey altogether from Linux ;->


[1] Whatever fix/approach Timo has will eventually show up in the BSDs
and solaris for example 

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists