| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jan 2008 08:18:24 -0500 From: jamal <hadi@...erus.ca> To: Herbert Xu <herbert@...dor.apana.org.au> Cc: Timo Teräs <timo.teras@....fi>, netdev@...r.kernel.org, David Miller <davem@...emloft.net> Subject: Re: [RFC][PATCH] Fixing SA/SP dumps on netlink/af_key On Thu, 2008-17-01 at 23:50 +1100, Herbert Xu wrote: > In fact it goes much further: > > Support for the dump message MAY be discontinued in future versions > of PF_KEY. Key management applications MUST NOT depend on this > message for basic operation. No doubt PF_KEY being an RFC has caused a lot of damage. Once something is deployed, unfortunately, it grows a foot and sometimes a head[1]. Note: it's a big dilema in my mind as well and i agree in principle with both Dave and you (we really should not be helping pfkey grow another ear on the forehead); the only way i am convincing myself otherwise is to note that Racoon/ipsec-tools is out there, shipped as default ipsec user management tools by most if not all linux distros. If we really want to stop the beast lets cut out the umbilicall code - just take out pfkey altogether from Linux ;-> cheers, jamal [1] Whatever fix/approach Timo has will eventually show up in the BSDs and solaris for example -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists