| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220426075504.18be4ee2@kernel.org>
Date: Tue, 26 Apr 2022 07:55:04 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Chuck Lever III <chuck.lever@...cle.com>
Cc: netdev <netdev@...r.kernel.org>,
Linux NFS Mailing List <linux-nfs@...r.kernel.org>,
"linux-nvme@...ts.infradead.org" <linux-nvme@...ts.infradead.org>,
"linux-cifs@...r.kernel.org" <linux-cifs@...r.kernel.org>,
"linux-fsdevel@...r.kernel.org" <linux-fsdevel@...r.kernel.org>,
"ak@...pesta-tech.com" <ak@...pesta-tech.com>,
"borisp@...dia.com" <borisp@...dia.com>,
"simo@...hat.com" <simo@...hat.com>
Subject: Re: [PATCH RFC 4/5] net/tls: Add support for PF_TLSH (a TLS
handshake listener)
On Tue, 26 Apr 2022 13:48:20 +0000 Chuck Lever III wrote:
> > Create the socket in user space, do all the handshakes you need there
> > and then pass it to the kernel. This is how NBD + TLS works. Scales
> > better and requires much less kernel code.
>
> The RPC-with-TLS standard allows unencrypted RPC traffic on the connection
> before sending ClientHello. I think we'd like to stick with creating the
> socket in the kernel, for this reason and for the reasons Hannes mentions
> in his reply.
Umpf, I presume that's reviewed by security people in IETF so I guess
it's done right this time (tm).
Your wording seems careful not to imply that you actually need that,
tho. Am I over-interpreting?
Powered by blists - more mailing lists