Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Jul 2015 23:07:40 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        Jim Thompson <jim@netgate.com>
Cc:        "freebsd-security@FreeBSD.org" <freebsd-security@freebsd.org>, "freebsd-net@FreeBSD.org" <freebsd-net@freebsd.org>
Subject:   Re: remove IPsec SKIPJACK support...
Message-ID:  <20150728060740.GP78154@funkthat.com>
In-Reply-To: <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com>
References:  <20150728005730.GL78154@funkthat.com> <1DB60250-D362-4115-92F6-E27B7A5897C3@netgate.com> <20150728034157.GO78154@funkthat.com> <5E419103-3111-4ADC-A49F-B703BBBC9C5F@netgate.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 23:18 -0500:
> > On Jul 27, 2015, at 10:41 PM, John-Mark Gurney <jmg@funkthat.com> wrote:
> > 
> > Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
> >>> On Jul 27, 2015, at 7:57 PM, John-Mark Gurney <jmg@funkthat.com> wrote:
> >>> 
> >>> I would like to remove it from HEAD immediately as I don't see a use
> >>> for it.  Some time ago I proposed removing Skipjack from the OCF in 12, but personally, now that I think about how long 12 is, we deprecate these sooner rather than later.
> >> 
> >> Are we also going to comply with RFC 7321?
> >> 
> >> https://tools.ietf.org/html/rfc7321
> > 
> > Looks like the only thing we need to change to comply w/ RFC7321 is
> > to remove DES support (note to those that don't read closely, DES,
> > not 3DES aka triple-DES), and I am fine removing DES support sooner
> > rather than later...
> 
> The RFC 7321 requires it.  I???m willing to do the work, but I don???t want it to bikeshed.

Requires what?  removing DES?  That's basicly three lines of code..

Look at:
https://github.com/jmgurney/freebsd/commit/a357a3398d8142d698b65f42367f480ec588171c

For how I removed Skipjack...

Of course there is more work to do in the various utils, like setkey,
but shouldn't be hard..

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150728060740.GP78154>