Re: [PATCH v3 net-next 0/4] kernel TLS

2017-07-06 Thread Dave Watson
Hi Richard, On 07/06/17 04:30 PM, Richard Weinberger wrote: > Dave, > > On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote: > > Documentation/networking/tls.txt | 135 +++ > > MAINTAINERS| 10 + > > include/linux/socket.h | 1 +

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-07-06 Thread Richard Weinberger
Dave, On Wed, Jun 14, 2017 at 8:36 PM, Dave Watson wrote: > Documentation/networking/tls.txt | 135 +++ > MAINTAINERS| 10 + > include/linux/socket.h | 1 + > include/net/inet_connection_sock.h | 4 + > include/net/tcp.h

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-15 Thread David Miller
From: Dave Watson Date: Wed, 14 Jun 2017 11:36:54 -0700 > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record >

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Tom Herbert
On Wed, Jun 14, 2017 at 3:17 PM, Dave Watson wrote: > On 06/14/17 01:54 PM, Tom Herbert wrote: >> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: >> > This series adds support for kernel TLS encryption over TCP sockets. >> > A standard TCP socket is

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
On 06/14/17 01:54 PM, Tom Herbert wrote: > On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. > > Only symmetric crypto is done

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
Hi Hannes, On 06/14/17 10:15 PM, Hannes Frederic Sowa wrote: > one question for this patch set: > > What is the reason for not allowing key updates for the TX path? I was > always loud pointing out the problems with TLSv1.2 renegotiation and > TLSv1.3 key update alerts. This patch set uses

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Tom Herbert
On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record > framing.

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Hannes Frederic Sowa
Hello Dave, On Wed, Jun 14, 2017, at 21:47, David Miller wrote: > From: Dave Watson > Date: Wed, 14 Jun 2017 11:36:54 -0700 > > > This series adds support for kernel TLS encryption over TCP sockets. > > A standard TCP socket is converted to a TLS socket using a setsockopt. >

Re: [PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread David Miller
From: Dave Watson Date: Wed, 14 Jun 2017 11:36:54 -0700 > This series adds support for kernel TLS encryption over TCP sockets. > A standard TCP socket is converted to a TLS socket using a setsockopt. > Only symmetric crypto is done in the kernel, as well as TLS record >

[PATCH v3 net-next 0/4] kernel TLS

2017-06-14 Thread Dave Watson
This series adds support for kernel TLS encryption over TCP sockets. A standard TCP socket is converted to a TLS socket using a setsockopt. Only symmetric crypto is done in the kernel, as well as TLS record framing. The handshake remains in userspace, and the negotiated cipher keys/iv are