Message-ID: <20081229204750.GA13680@gondor.apana.org.au>
Date: Tue, 30 Dec 2008 07:47:50 +1100
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Martin Willi <martin@...ongswan.org>
Cc: Jason Gunthorpe <jgunthorpe@...idianresearch.com>,
netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>
Subject: Re: [PATCH] [IPSEC]: Change the ICV length of sha256 to 128 bits

On Mon, Dec 29, 2008 at 02:05:19PM +0100, Martin Willi wrote:
>
> In PF_KEY, SADB_X_AALG_SHA2_256HMAC (5) was defined in
> draft-ietf-ipsec-ciph-sha-256-00 to 96 bit truncation (what is currently
> implemented). draft-ietf-ipsec-ciph-sha-256-01 defined it to 128 bit
> truncation (what is now RFC 4868).
> Those numbers starting from 12 are IKEv2 algorithm identifiers and are
> never passed to the kernel.

What are you talking about? Neither of those two drafts talks
about the ID used between the KM and the kernel. So the PF_KEY
ID is simply irrelevant.

What is important though is what's deployed in the field with
respect to IKE. All the BSDs support 96-bit truncation so we
should continue to do that as well.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
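
The interoperability concern in this exchange, as an added example that is not part of the original message or of the kernel code: two peers share the same HMAC-SHA-256 key but disagree on whether the ICV is truncated to 96 or 128 bits. The packet layout (payload followed directly by the ICV) is a simplification of ESP, and all names and sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key and payload; not taken from any real SA.
KEY = bytes(range(32))
PAYLOAD = b"constructed ESP payload bytes for illustration"


def icv(key: bytes, data: bytes, icv_bits: int) -> bytes:
    """HMAC-SHA-256 over data, truncated to the leftmost icv_bits."""
    return hmac.new(key, data, hashlib.sha256).digest()[: icv_bits // 8]


def protect(key: bytes, payload: bytes, icv_bits: int) -> bytes:
    """Sender side: append the truncated ICV to the payload."""
    return payload + icv(key, payload, icv_bits)


def verify(key: bytes, packet: bytes, icv_bits: int):
    """Receiver side: split at the receiver's own ICV length, then check.

    Returns the payload on success, None on failure. The ICV length is
    not carried in the packet, so a receiver configured with a different
    truncation splits at the wrong offset and authenticates the wrong
    bytes, even though both sides hold the same key.
    """
    n = icv_bits // 8
    if len(packet) <= n:
        return None
    data, tag = packet[:-n], packet[-n:]
    if hmac.compare_digest(tag, icv(key, data, icv_bits)):
        return data
    return None


def interop_matrix(key: bytes, payload: bytes) -> dict:
    """Map (sender_bits, receiver_bits) to whether the packet is accepted."""
    return {
        (s, r): verify(key, protect(key, payload, s), r) == payload
        for s in (96, 128)
        for r in (96, 128)
    }


if __name__ == "__main__":
    for (s, r), ok in interop_matrix(KEY, PAYLOAD).items():
        print(f"sender {s}-bit ICV, receiver {r}-bit ICV: "
              f"{'accepted' if ok else 'dropped'}")
```

The 96-bit ICV is a prefix of the 128-bit one, but that does not help a mismatched pair: every packet is dropped in both directions, which is why the truncation length deployed in the field matters.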