Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Jul 2015 17:41:19 -0700
From:      NGie Cooper <yaneurabeya@gmail.com>
To:        John-Mark Gurney <jmg@freebsd.org>
Cc:        "src-committers@freebsd.org" <src-committers@freebsd.org>,  "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>,  "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>
Subject:   Re: svn commit: r286100 - in head/sys: net netipsec
Message-ID:  <CAGHfRMAFJHZH53vqF50Gv-0hQj5NhA-nJF6U9hKwb-TKwckV0w@mail.gmail.com>
In-Reply-To: <201507310023.t6V0NLVT013789@repo.freebsd.org>
References:  <201507310023.t6V0NLVT013789@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thu, Jul 30, 2015 at 5:23 PM, John-Mark Gurney <jmg@freebsd.org> wrote:
> Author: jmg
> Date: Fri Jul 31 00:23:21 2015
> New Revision: 286100
> URL: https://svnweb.freebsd.org/changeset/base/286100
>
> Log:
>   Clean up this header file...
>
>   use CTASSERTs now that we have them...
>
>   Replace a draft w/ RFC that's over 10 years old.
>
>   Note that _AALG and _EALG do not need to match what the IKE daemons
>   think they should be..  This is part of the KABI...  I decided to
>   renumber AESCTR, but since we've never had working AESCTR mode, I'm
>   not really breaking anything..  and it shortens a loop by quite
>   a bit..
>
>   remove SKIPJACK IPsec support...  SKIPJACK never made it out of draft
>   (in 1999), only has 80bit key, NIST recommended it stop being used
>   after 2010, and setkey nor any of the IKE daemons I checked supported
>   it...
>
>   jmgurney/ipsecgcm: a357a33, c75808b, e008669, b27b6d6
>
>   Reviewed by:  gnn (earlier version)

Relnotes: yes (removing SKIPJACK IPsec support + ?)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGHfRMAFJHZH53vqF50Gv-0hQj5NhA-nJF6U9hKwb-TKwckV0w>