Date: Mon, 27 Jul 2015 20:41:57 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Jim Thompson <jim@netgate.com> Cc: "freebsd-security@FreeBSD.org" <freebsd-security@freebsd.org>, "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org> Subject: Re: remove IPsec SKIPJACK support... Message-ID: <20150728034157.GO78154@funkthat.com> In-Reply-To: <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> References: <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500: > > On Jul 27, 2015, at 7:57 PM, John-Mark Gurney <jmg@funkthat.com> wrote: > > > > I would like to remove it from HEAD immediately as I don't see a use > > for it. Some time ago I proposed removing Skipjack from the OCF in 12, but personally, now that I think about how long 12 is, we deprecate these sooner rather than later. > > Are we also going to comply with RFC 7321? > > https://tools.ietf.org/html/rfc7321 Looks like the only thing we need to change to comply w/ RFC7321 is to remove DES support (note to those that don't read closely, DES, not 3DES aka triple-DES), and I am fine removing DES support sooner rather than later... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150728034157.GO78154>