Date: Sun, 14 Jan 2018 16:08:36 -0800 From: John-Mark Gurney <jmg@funkthat.com> To: John Baldwin <jhb@freebsd.org> Cc: Benjamin Kaduk <bjk@freebsd.org>, arch@freebsd.org Subject: Re: Ranting about OCF / crypto(9) Message-ID: <20180115000836.GU75576@funkthat.com> In-Reply-To: <1848677.SMV3i9kbhA@ralph.baldwin.cx> References: <3790717.UIxaijsHl3@ralph.baldwin.cx> <20180111055620.GO72574@kduck.kaduk.org> <1848677.SMV3i9kbhA@ralph.baldwin.cx>
next in thread | previous in thread | raw e-mail | index | archive | help
John Baldwin wrote this message on Thu, Jan 11, 2018 at 09:41 -0800:
> > > - Simple compression / decompression requests. While this isn't
> > > "crypto", per se, I do think it is probably still simpler to
> > > manage this via OCF than a completely separate interface.
> >
> > Probably, though perhaps less so after the removal of arbitrary
> > stacking depths. And mixing compression with encryption has its own
> > risks, of course.
>
> I probably think you wouldn't mix but would either do compression, auth,
> hash, or auth+enc. NetBSD's /dev/crypto does support stacking
> compression + auth + enc in a single ioctl, but it doesn't provide any
> way to control the ordering so in practice I think it was just a way to
> permit offloading compression alone.
Never makes sense to do compression after enc, so it's really what order
auth and enc should happen in..
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180115000836.GU75576>