linux-cifs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Denis Kenzior <denkenz@gmail.com>
To: Ard Biesheuvel <ardb@kernel.org>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Eric Biggers <ebiggers@kernel.org>,
	ronnie sahlberg <ronniesahlberg@gmail.com>,
	linux-cifs <linux-cifs@vger.kernel.org>,
	Steve French <sfrench@samba.org>,
	David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org
Subject: Re: [PATCH 0/2] crypto: remove MD4 generic shash
Date: Wed, 18 Aug 2021 11:23:33 -0500	[thread overview]
Message-ID: <24606605-71ae-f918-b71a-480be7d68e43@gmail.com> (raw)
In-Reply-To: <CAMj1kXEjHojAZ0_DPkogHAbmS6XAOFN3t8-4VB0+zN8ruTPVCg@mail.gmail.com>

Hi Ard,

>>   The previous ARC4 removal
>> already caused some headaches [0].
> 
> This is the first time this has been reported on an upstream kernel list.
> 
> As you know, I went out of my way to ensure that this removal would
> happen as smoothly as possible, which is why I contributed code to
> both iwd and libell beforehand, and worked with distros to ensure that
> the updated versions would land before the removal of ARC4 from the
> kernel.
> 
> It is unfortunate that one of the distros failed to take that into
> account for the backport of a newer kernel to an older distro release,
> but I don't think it is fair to blame that on the process.

Please don't misunderstand, I don't blame you at all.  I was in favor of ARC4 
removal since the kernel AF_ALG implementation was broken and the ell 
implementation had to work around that.  And you went the extra mile to make 
sure the migration was smooth.  The reported bug is still a fairly minor 
inconvenience in the grand scheme of things.

But, I'm not in favor of doing the same for MD4...

> 
>>   Please note that iwd does use MD4 for MSCHAP
>> and MSCHAPv2 based 802.1X authentication.
>>
> 
> Thanks for reporting that.
> 
> So what is your timeline for retaining MD4 support in iwd? You are
> aware that it has been broken since 1991, right? Please, consider
> having a deprecation path, so we can at least agree on *some* point in
> time (in 6 months, in 6 years, etc) where we can start culling this
> junk.
> 

That is not something that iwd has any control over though?  We have to support 
it for as long as there are  organizations using TTLS + MD5 or PEAPv0.  There 
are still surprisingly many today.

Regards,
-Denis

  reply	other threads:[~2021-08-18 16:23 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-18 14:46 Ard Biesheuvel
2021-08-18 14:51 ` Denis Kenzior
2021-08-18 16:10   ` Ard Biesheuvel
2021-08-18 16:23     ` Denis Kenzior [this message]
2021-08-18 16:47       ` Steve French
2021-08-18 22:08         ` Jeremy Allison
2021-08-19  3:49           ` Andrew Bartlett
2021-08-19  5:18             ` Eric Biggers
2021-08-19  5:23               ` Andrew Bartlett
2021-08-18 21:11       ` ronnie sahlberg
2021-08-18 22:10       ` Ard Biesheuvel
2021-08-18 22:22         ` Denis Kenzior
2021-08-18 23:03           ` Steve French
2021-08-19 16:56             ` Denis Kenzior
2021-08-19 10:42     ` Jarkko Sakkinen
2021-08-19 17:10       ` Steve French
2021-08-19 20:54         ` ronnie sahlberg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=24606605-71ae-f918-b71a-480be7d68e43@gmail.com \
    --to=denkenz@gmail.com \
    --cc=ardb@kernel.org \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-cifs@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=ronniesahlberg@gmail.com \
    --cc=sfrench@samba.org \
    --subject='Re: [PATCH 0/2] crypto: remove MD4 generic shash' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).