Date: Wed, 24 Aug 2022 14:46:32 +0200
From: Andrew Lunn
To: Leonard Crestez
Cc: Dmitry Safonov, David Ahern, Andy Lutomirski, Ard Biesheuvel, Bob Gilligan, Dmitry Safonov <0x7f454c46@gmail.com>, Eric Biggers, Francesco Ruggeri, Herbert Xu, Hideaki YOSHIFUJI, Ivan Delalande, Jakub Kicinski, Paolo Abeni, Salam Noureddine, Shuah Khan, netdev@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, "David S. Miller", Eric Dumazet
Subject: Re: [PATCH 00/31] net/tcp: Add TCP-AO support
References: <20220818170005.747015-1-dima@arista.com> <8097c38e-e88e-66ad-74d3-2f4a9e3734f4@arista.com> <7ad5a9be-4ee9-bab2-4a70-b0f661f91beb@gmail.com>
In-Reply-To: <7ad5a9be-4ee9-bab2-4a70-b0f661f91beb@gmail.com>
X-Mailing-List: linux-crypto@vger.kernel.org

> I think it would make sense to push key validity times and the key selection
> policy entirely in the kernel so that it can handle key rotation/expiration
> by itself. This way userspace only has to configure the keys and doesn't
> have to touch established connections at all.

I know nothing about TCP-AO, nor much about kTLS. But doesn't kTLS have
the same issue? Is there anything which can be learnt from kTLS? Maybe
the same mechanisms can be used? No point inventing something new if
you can copy/refactor working code?

> My series has a "flags" field on the key struct where it can filter by IP,
> prefix, ifindex and so on. It would be possible to add additional flags for
> making the key only valid between certain times (by wall time).

Watch out for wall clock time, it jumps around in funny ways. Plus the
kernel has no idea what time zone the wall the wall clock is mounted on
is in.

	Andrew