From owner-freebsd-net@FreeBSD.ORG  Wed Dec  3 08:41:22 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0C9641065672;
	Wed,  3 Dec 2008 08:41:22 +0000 (UTC)
	(envelope-from vanhu@zeninc.net)
Received: from smtp.zeninc.net (smtp.zeninc.net [80.67.176.25])
	by mx1.freebsd.org (Postfix) with ESMTP id BE0D88FC16;
	Wed,  3 Dec 2008 08:41:21 +0000 (UTC)
	(envelope-from vanhu@zeninc.net)
Received: from astro.zen.inc (astro.zen.inc [192.168.1.239])
	by smtp.zeninc.net (smtpd) with ESMTP id 038DB2798B8;
	Wed,  3 Dec 2008 09:21:59 +0100 (CET)
Received: by astro.zen.inc (Postfix, from userid 1000)
	id 59E7217051; Wed,  3 Dec 2008 09:25:49 +0100 (CET)
Date: Wed, 3 Dec 2008 09:25:49 +0100
From: VANHULLEBUS Yvan <vanhu@FreeBSD.org>
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Message-ID: <20081203082549.GA62889@zeninc.net>
References: <49349E26.30002@redhat.com> <gh44rc$11fc$1@lorvorc.mips.inka.de>
	<JsLl5HMkEyWlPKM1sYjNK0G+M34@+FxG3S39oD8KW2mcneDQRW6aq9s>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <JsLl5HMkEyWlPKM1sYjNK0G+M34@+FxG3S39oD8KW2mcneDQRW6aq9s>
User-Agent: All mail clients suck. This one just sucks less.
Cc: freebsd-net@freebsd.org, Christian Weisgerber <naddy@mips.inka.de>,
	gnn@freebsd.org
Subject: Re:  [ipsec] aes-ctr question
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2008 08:41:22 -0000

On Wed, Dec 03, 2008 at 10:54:55AM +0300, Eygene Ryabinkin wrote:
[...]
> Good catch.  Perhaps setkey should be extended to warn the user about
> this neat.  The patch is attached.  George, people, what do you think
> about it?

If we're going to add security warnings in setkey, we could just put a
warning when using static keys (so basically put a warning for "add"
command....).


Yvan.