From: David Ahern <dsahern@kernel.org>
To: Leonard Crestez <cdleonard@gmail.com>,
Dmitry Safonov <dima@arista.com>,
Eric Dumazet <edumazet@google.com>,
"David S. Miller" <davem@davemloft.net>
Cc: Andy Lutomirski <luto@amacapital.net>,
Ard Biesheuvel <ardb@kernel.org>,
Bob Gilligan <gilligan@arista.com>,
Dmitry Safonov <0x7f454c46@gmail.com>,
Eric Biggers <ebiggers@kernel.org>,
Francesco Ruggeri <fruggeri@arista.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Ivan Delalande <colona@arista.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Salam Noureddine <noureddine@arista.com>,
Shuah Khan <shuah@kernel.org>,
netdev@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/31] net/tcp: Add TCP-AO support
Date: Sun, 21 Aug 2022 17:51:28 -0600 [thread overview]
Message-ID: <a83e24c9-ab25-6ca0-8b81-268f92791ae5@kernel.org> (raw)
In-Reply-To: <fc05893d-7733-1426-3b12-7ba60ef2698f@gmail.com>
On 8/21/22 2:34 PM, Leonard Crestez wrote:
> On 8/18/22 19:59, Dmitry Safonov wrote:
>> This patchset implements the TCP-AO option as described in RFC5925. There
>> is a request from industry to move away from TCP-MD5SIG and it seems
>> the time
>> is right to have a TCP-AO upstreamed. This TCP option is meant to replace
>> the TCP MD5 option and address its shortcomings. Specifically, it
>> provides
>> more secure hashing, key rotation and support for long-lived connections
>> (see the summary of TCP-AO advantages over TCP-MD5 in (1.3) of RFC5925).
>> The patch series starts with six patches that are not specific to TCP-AO
>> but implement a general crypto facility that we thought is useful
>> to eliminate code duplication between TCP-MD5SIG and TCP-AO as well as
>> other
>> crypto users. These six patches are being submitted separately in
>> a different patchset [1]. Including them here will show better the gain
>> in code sharing. Next are 18 patches that implement the actual TCP-AO
>> option,
>> followed by patches implementing selftests.
>>
>> The patch set was written as a collaboration of three authors (in
>> alphabetical
>> order): Dmitry Safonov, Francesco Ruggeri and Salam Noureddine.
>> Additional
>> credits should be given to Prasad Koya, who was involved in early
>> prototyping
>> a few years back. There is also a separate submission done by Leonard
>> Crestez
>> whom we thank for his efforts getting an implementation of RFC5925
>> submitted
>> for review upstream [2]. This is an independent implementation that makes
>> different design decisions.
>
> Is this based on something that Arista has had running for a while now
> or is a recent new development?
>
...
> Seeing an entirely distinct unrelated implementation is very unexpected.
> What made you do this?
>
I am curious as well. You are well aware of Leonard's efforts which go
back a long time, why go off and do a separate implementation?
next prev parent reply other threads:[~2022-08-21 23:51 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-18 16:59 [PATCH 00/31] net/tcp: Add TCP-AO support Dmitry Safonov
2022-08-18 16:59 ` [PATCH 01/31] crypto: Introduce crypto_pool Dmitry Safonov
2022-08-18 16:59 ` [PATCH 02/31] crypto_pool: Add crypto_pool_reserve_scratch() Dmitry Safonov
2022-08-22 10:45 ` Dan Carpenter
2022-08-26 14:42 ` Dmitry Safonov
2022-08-18 16:59 ` [PATCH 03/31] net/tcp: Separate tcp_md5sig_info allocation into tcp_md5sig_info_add() Dmitry Safonov
2022-08-18 16:59 ` [PATCH 04/31] net/tcp: Disable TCP-MD5 static key on tcp_md5sig_info destruction Dmitry Safonov
2022-08-18 16:59 ` [PATCH 05/31] net/tcp: Use crypto_pool for TCP-MD5 Dmitry Safonov
2022-08-18 16:59 ` [PATCH 06/31] net/ipv6: sr: Switch to using crypto_pool Dmitry Safonov
2022-08-18 16:59 ` [PATCH 07/31] tcp: Add TCP-AO config and structures Dmitry Safonov
2022-08-18 16:59 ` [PATCH 08/31] net/tcp: Introduce TCP_AO setsockopt()s Dmitry Safonov
2022-08-18 18:50 ` kernel test robot
2022-08-18 18:50 ` kernel test robot
2022-08-23 14:45 ` Leonard Crestez
2022-08-31 18:48 ` Dmitry Safonov
2022-09-03 9:35 ` Leonard Crestez
2022-08-25 15:31 ` David Ahern
2022-08-25 18:21 ` David Laight
2022-08-18 16:59 ` [PATCH 09/31] net/tcp: Prevent TCP-MD5 with TCP-AO being set Dmitry Safonov
2022-08-18 16:59 ` [PATCH 10/31] net/tcp: Calculate TCP-AO traffic keys Dmitry Safonov
2022-08-18 16:59 ` [PATCH 11/31] net/tcp: Add TCP-AO sign to outgoing packets Dmitry Safonov
2022-08-22 12:03 ` [kbuild] " Dan Carpenter
2022-08-29 17:55 ` Dmitry Safonov
2022-08-18 16:59 ` [PATCH 12/31] net/tcp: Add tcp_parse_auth_options() Dmitry Safonov
2022-08-18 19:00 ` kernel test robot
2022-08-18 16:59 ` [PATCH 13/31] net/tcp: Add AO sign to RST packets Dmitry Safonov
2022-08-18 16:59 ` [PATCH 14/31] net/tcp: Add TCP-AO sign to twsk Dmitry Safonov
2022-08-18 16:59 ` [PATCH 15/31] net/tcp: Wire TCP-AO to request sockets Dmitry Safonov
2022-08-18 16:59 ` [PATCH 16/31] net/tcp: Sign SYN-ACK segments with TCP-AO Dmitry Safonov
2022-08-18 16:59 ` [PATCH 17/31] net/tcp: Verify inbound TCP-AO signed segments Dmitry Safonov
2022-08-18 16:59 ` [PATCH 18/31] net/tcp: Add TCP-AO segments counters Dmitry Safonov
2022-08-18 16:59 ` [PATCH 19/31] net/tcp: Add TCP-AO SNE support Dmitry Safonov
2022-08-23 14:50 ` Leonard Crestez
2022-08-23 22:40 ` Francesco Ruggeri
2022-08-18 16:59 ` [PATCH 20/31] net/tcp: Add tcp_hash_fail() ratelimited logs Dmitry Safonov
2022-08-18 16:59 ` [PATCH 21/31] net/tcp: Ignore specific ICMPs for TCP-AO connections Dmitry Safonov
2022-08-18 16:59 ` [PATCH 22/31] net/tcp: Add option for TCP-AO to (not) hash header Dmitry Safonov
2022-08-18 16:59 ` [PATCH 23/31] net/tcp: Add getsockopt(TCP_AO_GET) Dmitry Safonov
2022-08-23 14:45 ` Leonard Crestez
2022-08-18 16:59 ` [PATCH 24/31] net/tcp: Allow asynchronous delete for TCP-AO keys (MKTs) Dmitry Safonov
2022-08-18 16:59 ` [PATCH 25/31] selftests/net: Add TCP-AO library Dmitry Safonov
2022-08-23 15:47 ` Shuah Khan
2022-09-05 20:24 ` Dmitry Safonov
2022-09-06 16:34 ` Dmitry Safonov
2022-08-18 17:00 ` [PATCH 26/31] selftests/net: Verify that TCP-AO complies with ignoring ICMPs Dmitry Safonov
2022-08-18 17:00 ` [PATCH 27/31] selftest/net: Add TCP-AO ICMPs accept test Dmitry Safonov
2022-08-18 17:00 ` [PATCH 28/31] selftest/tcp-ao: Add a test for MKT matching Dmitry Safonov
2022-08-18 17:00 ` [PATCH 29/31] selftest/tcp-ao: Add test for TCP-AO add setsockopt() command Dmitry Safonov
2022-08-18 17:00 ` [PATCH 30/31] selftests/tcp-ao: Add TCP-AO + TCP-MD5 + no sign listen socket tests Dmitry Safonov
2022-08-18 17:00 ` [PATCH 31/31] selftests/aolib: Add test/benchmark for removing MKTs Dmitry Safonov
2022-08-21 20:34 ` [PATCH 00/31] net/tcp: Add TCP-AO support Leonard Crestez
2022-08-21 23:51 ` David Ahern [this message]
2022-08-22 20:35 ` Dmitry Safonov
2022-08-23 15:30 ` Leonard Crestez
2022-08-23 16:31 ` Dmitry Safonov
2022-08-24 12:46 ` Andrew Lunn
2022-08-24 17:55 ` Jakub Kicinski
2022-08-27 8:55 ` Leonard Crestez
2022-08-22 18:42 ` Salam Noureddine
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a83e24c9-ab25-6ca0-8b81-268f92791ae5@kernel.org \
--to=dsahern@kernel.org \
--cc=0x7f454c46@gmail.com \
--cc=ardb@kernel.org \
--cc=cdleonard@gmail.com \
--cc=colona@arista.com \
--cc=davem@davemloft.net \
--cc=dima@arista.com \
--cc=ebiggers@kernel.org \
--cc=edumazet@google.com \
--cc=fruggeri@arista.com \
--cc=gilligan@arista.com \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=netdev@vger.kernel.org \
--cc=noureddine@arista.com \
--cc=pabeni@redhat.com \
--cc=shuah@kernel.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).