Re: Hardware-accelerated IPsec, anyone?

To: current-users%NetBSD.org@localhost, tech-crypto%NetBSD.org@localhost
Subject: Re: Hardware-accelerated IPsec, anyone?
From: der Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Tue, 19 Jan 2010 22:05:03 -0500 (EST)

> OpenSSL is the largest part of the problem: the OpenSSL team is
> basically hostile to any attempts to even discuss fixing their
> accelleration abstractions in a way which would make it possible to
> use record ops or even accelerators which support HMAC directly!

Maybe it's heretical of me, but this sounds to me as though we should
be at least thinking about putting time and effort into finding ways to
dump OpenSSL, then, rather than finding ways to work around it.

FSVO "we" and "should", of course, this being an almost entirely
volunteer project.  (I can't help all that much; I don't have an
OpenSSL replacement to offer.  Closest I have is an ssh implementation
that does not use OpenSSL at all.  Could be a first step.  Maybe.)

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: Hardware-accelerated IPsec, anyone?
  - From: David Holland

References:
- Hardware-accelerated IPsec, anyone?
  - From: Hubert Feyrer
- Re: Hardware-accelerated IPsec, anyone?
  - From: Thor Lancelot Simon

Prev by Date: Re: Hardware-accelerated IPsec, anyone?
Next by Date: Re: Hardware-accelerated IPsec, anyone?
Previous by Thread: Re: Hardware-accelerated IPsec, anyone?
Next by Thread: Re: Hardware-accelerated IPsec, anyone?
Indexes:

Home | Main Index | Thread Index | Old Index