From owner-freebsd-security@freebsd.org Tue Jul 28 04:18:43 2015 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B6A429ABC73 for ; Tue, 28 Jul 2015 04:18:43 +0000 (UTC) (envelope-from jim@netgate.com) Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 795061017 for ; Tue, 28 Jul 2015 04:18:43 +0000 (UTC) (envelope-from jim@netgate.com) Received: by oibn4 with SMTP id n4so62733677oib.3 for ; Mon, 27 Jul 2015 21:18:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=dZq5Pno1bAlZrpY0M5RM4njVE0IMeMYDWTrsmgrlbdg=; b=kAwF6x7VyqQXqjlt+FHJ7ICGMfMMied9PXpX6RFPzAdyEKhdiQBAvDuhLrHiijvlmz Q7Fv2HZRMIPEIgtTPnZwTHwXNaJsnEdftwNnyPgMFUhlUzoNFCWf1Uis/fgms3Eim6cN rmqj4b0LnOUETyyDwhWML9Ul9Rag+hS0xNNeI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=dZq5Pno1bAlZrpY0M5RM4njVE0IMeMYDWTrsmgrlbdg=; b=JDFRvr78uK+Lqh1vNBiY3Mz8HAUifObqsIG0RprAlnAlFgWGFsCC405NqflOnou/RQ u0PV4RwvdcwtRD+ZFIVxazFMenEgiAQuMOIWRDUC+oZFtS7HoimjHvBK1hMG2AjtpTxJ gz3NkozTsRI2ifco/4C4Lo+sFANl5zhez+oMNTaYVfysIGyHK+wFAW4DWyJXiGcbJ25E 673KV8TLuS9I8k29N/Bx1xxJtC7W01R5v546KvsOnTq+yR5hAFzjcB/AGLVXCvc6zokS N8qh70JLp8sUy5CWXqctZY4/N4UYA/UqwUWVQ7chxGosSG1iW4InWq0urZIZwhtYS8W+ bX7A== X-Gm-Message-State: ALoCoQky1MeIRvB03r1tMVYtbuAGMYvBq8DNOKnL3imziqfLQcyaAxQmKu86U1G9kw/g/ygzOLlS X-Received: by 10.202.212.205 with SMTP id l196mr29710400oig.54.1438057122851; Mon, 27 Jul 2015 21:18:42 -0700 (PDT) Received: from [172.21.0.26] (65-36-83-120.static.grandenetworks.net. [65.36.83.120]) by smtp.gmail.com with ESMTPSA id oy11sm11625499oeb.3.2015.07.27.21.18.41 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 27 Jul 2015 21:18:41 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2102\)) Subject: Re: remove IPsec SKIPJACK support... From: Jim Thompson In-Reply-To: <20150728034157.GO78154@funkthat.com> Date: Mon, 27 Jul 2015 23:18:40 -0500 Cc: "freebsd-security@FreeBSD.org" , "freebsd-net@FreeBSD.org" Content-Transfer-Encoding: quoted-printable Message-Id: <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com> References: <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> <20150728034157.GO78154@funkthat.com> To: John-Mark Gurney X-Mailer: Apple Mail (2.2102) X-Mailman-Approved-At: Tue, 28 Jul 2015 11:12:35 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Jul 2015 04:18:43 -0000 > On Jul 27, 2015, at 10:41 PM, John-Mark Gurney = wrote: >=20 > Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500: >>> On Jul 27, 2015, at 7:57 PM, John-Mark Gurney = wrote: >>>=20 >>> I would like to remove it from HEAD immediately as I don't see a use >>> for it. Some time ago I proposed removing Skipjack from the OCF in = 12, but personally, now that I think about how long 12 is, we deprecate = these sooner rather than later. >>=20 >> Are we also going to comply with RFC 7321? >>=20 >> https://tools.ietf.org/html/rfc7321 >=20 > Looks like the only thing we need to change to comply w/ RFC7321 is > to remove DES support (note to those that don't read closely, DES, > not 3DES aka triple-DES), and I am fine removing DES support sooner > rather than later... The RFC 7321 requires it. I=E2=80=99m willing to do the work, but I = don=E2=80=99t want it to bikeshed. Jim