Date: Wed, 29 Jul 2015 09:11:04 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: George Neville-Neil <gnn@neville-neil.com> Cc: Adrian Chadd <adrian.chadd@gmail.com>, freebsd-security@freebsd.org, Daniel Plominski <Daniel@plominski.eu>, FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: remove IPsec SKIPJACK support... Message-ID: <20150729161103.GJ78154@funkthat.com> In-Reply-To: <AD9A5E4B-73C5-46EE-A20D-4260EFC48090@neville-neil.com> References: <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> <20150728034157.GO78154@funkthat.com> <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com> <20150728060740.GP78154@funkthat.com> <55B768DC.6020009@Plominski.eu> <CAJ-VmonhV2oCem4ZDnPdPOzk5H%2BGxK77VQQVQjJKS_9ZWv-mSA@mail.gmail.com> <AD9A5E4B-73C5-46EE-A20D-4260EFC48090@neville-neil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
George Neville-Neil wrote this message on Wed, Jul 29, 2015 at 10:35 -0400:
> That's fine so long as its removed in HEAD now, and then the warning can
> go into 10 aka 10.3.
As I said, setkey doesn't support it.. and I looked at the ports for
racoon2 and strongswan (has it in their library, but, and neither support it... Are there any other
programs (besides custom software) that can do secdb manipulations that
could possibly create a skipjack sdb entry?
If not, putting warning into 9 and 10 seems excessive for a feature that
people can't even use...
> On 28 Jul 2015, at 13:25, Adrian Chadd wrote:
>
> > I'd put together a deprecation plan, which starts with the kernel
> > warning that this stuff is being removed, MFC that to stable/10 and
> > stable/9 so people aren't surprised when they upgrade, and then have
> > it removed in 11.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150729161103.GJ78154>