Hi,
I stumbled upon CONFIG_INET_AH and CONFIG_INET_ESP every time I configure
my custom kernels. Kconfig description of each options says:
> Support for IPsec AH (Authentication Header).
>
> AH can be used with various authentication algorithms. Besides
> enabling AH support itself, this option enables the generic
> implementations of the algorithms that RFC 8221 lists as MUST be
> implemented. If you need any other algorithms, you'll need to enable
> them in the crypto API. You should also enable accelerated
> implementations of any needed algorithms when available.
>
> If unsure, say Y.
> Support for IPsec ESP (Encapsulating Security Payload).
>
> ESP can be used with various encryption and authentication algorithms.
> Besides enabling ESP support itself, this option enables the generic
> implementations of the algorithms that RFC 8221 lists as MUST be
> implemented. If you need any other algorithms, you'll need to enable
> them in the crypto API. You should also enable accelerated
> implementations of any needed algorithms when available.
>
> If unsure, say Y.
Yet, distributions like Debian ([1]), Fedora ([2]), and Arch ([3]) instead
enable both options as module, but I followed the Kconfig recommendation
above.
I was wonder the rationale behind "say Y if unsure" for both
options, and whether `default Y` should be justified or not.
Thanks.
[1]: https://salsa.debian.org/kernel-team/linux/-/raw/master/debian/config/config?ref_type=heads
[2]: https://src.fedoraproject.org/rpms/kernel/raw/rawhide/f/kernel-x86_64-fedora.config
[3]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/raw/main/config?ref_type=heads
--
An old man doll... just what I always wanted! - Clara