tech-net archive


Re: RFC1948



> On Mar 8, 2021, at 2:10 PM, Christos Zoulas <christos%astron.com@localhost> wrote:

> This change just simplified the existing code, and restored the
> default randomization behavior prior without the information leak.
> I will look into implementing rfc6528.

6528 is an incremental change on top of 1948, so it should be pretty easy to do.  Among other things, it explicitly addresses the concern I had with 1948 at the time I implemented it in our kernel (which is the reason it remained disabled by default -- discussing the issue with Steve was a roundtuit whose box never got ticked) -- specifically, the explicit suggestion to re-key and how to deal with the fact that you're in a new SN universe when a re-key occurs.

A few weeks ago Taylor had asked me what my concerns were (because the fact that concerns existed was spelled out in the commit message at the time), but it had been long enough that they had been pushed off to tertiary storage and it took a while to page them back in :-)

-- thorpej
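
The RFC 1948 / RFC 6528 scheme discussed above, ISN = M + F(localip, localport, remoteip, remoteport, secretkey), as an added Python sketch that is not NetBSD's code and not part of the original message. The byte layout fed to the hash, the keys and the addresses are assumptions constructed for illustration; the sketch shows that under one key the ISN for a 4-tuple advances with the clock, while a re-key moves it by an arbitrary signed offset (the "new SN universe").

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF

def clock_m(now_us):
    """M: 32-bit timer that ticks once every 4 microseconds."""
    return (now_us // 4) & MASK32

def offset_f(secret, laddr, lport, raddr, rport):
    """F: keyed hash of the 4-tuple, truncated to 32 bits.
    MD5 is the hash the RFCs suggest; this byte layout is an assumption."""
    material = (socket.inet_aton(laddr) + struct.pack("!H", lport) +
                socket.inet_aton(raddr) + struct.pack("!H", rport) + secret)
    return struct.unpack("!I", hashlib.md5(material).digest()[:4])[0]

def isn(secret, now_us, laddr, lport, raddr, rport):
    """ISN = M + F(...), modulo 2^32."""
    f = offset_f(secret, laddr, lport, raddr, rport)
    return (clock_m(now_us) + f) & MASK32

def seq_delta(a, b):
    """Signed 32-bit distance from a to b (sequence-number arithmetic)."""
    d = (b - a) & MASK32
    return d - (1 << 32) if d & 0x80000000 else d

def rekey_jump(old_secret, new_secret, now_us, tup):
    """How far the ISN of one 4-tuple moves when only the key changes."""
    return seq_delta(isn(old_secret, now_us, *tup),
                     isn(new_secret, now_us, *tup))

if __name__ == "__main__":
    # Constructed sample values: documentation addresses, fixed keys.
    tup = ("192.0.2.10", 49152, "192.0.2.20", 80)
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"
    t0 = 1_000_000  # microseconds
    a = isn(old_key, t0, *tup)
    b = isn(old_key, t0 + 400, *tup)
    print("same key, 400 us later: delta =", seq_delta(a, b))
    print("re-key at t0: jump =", rekey_jump(old_key, new_key, t0, tup))
```

A negative jump means a reincarnated connection on the same 4-tuple would start behind the sequence space its predecessor used, which is the case the re-keying discussion has to account for.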


