Date: Thu, 11 Jan 2018 13:07:58 +0000 From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: "Benjamin Kaduk" <bjk@freebsd.org> Cc: "John Baldwin" <jhb@freebsd.org>, arch@freebsd.org Subject: Re: Ranting about OCF / crypto(9) Message-ID: <8C6BFBB0-3323-4DC8-BF23-B27D0235256D@lists.zabbadoz.net> In-Reply-To: <20180111055620.GO72574@kduck.kaduk.org> References: <3790717.UIxaijsHl3@ralph.baldwin.cx> <20180111055620.GO72574@kduck.kaduk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11 Jan 2018, at 5:56, Benjamin Kaduk wrote: >> In terms of algorithms, I suspect there are some older algorithms >> we could drop. Modern hardware doesn't offload DES for example. >> Both ccr(4) and aesni(4) only support AES for encryption. We >> do need to keep algorithms required for IPSec in the kernel, but >> we could probably drop some others? > > Yes, it's probably time for DES to go. Maybe others as well. There sadly still is a lot of commercial gear out there that still requires single-DES. >> One concern with some of these changes is that there are several drivers >> in the tree for older hardware that I'm not sure is really used anymore. >> That is an impediment to making changes to the crypto <-> driver interface >> if we can't find folks willing to at least test changes to those drivers >> if not maintain them. > > That does seem like a relevant concern, as some of this stuff seems > pretty obscure now. I expect that some of it will have to go since > no one can be found to test it. I am sure I have old soekris boxes in use with a hifn(4) in them. /bz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8C6BFBB0-3323-4DC8-BF23-B27D0235256D>