Re: [tipc-discussion] [PATCH RFC 0/5] TIPC encryption

Wed, 16 Oct 2019 05:25:58 -0700 

Looks like this is an amazing proposal!

I had the idea long time ago, but at that moment, I didn't think
encrypting TIPC message was meaningful because TIPC was mostly used
within internal network. After UDP bearer was supported and one TIPC
node was capable of communicating with its peers across IP, it seemed
the encryption feature became useful. But if needed, we could enable
IPSEC during this situation.

At present, the only useful scenario that I can image is that TIPC will
be used as low level communication infrastructure in Docker or k8s
environment. Is there other case?

Sorry, I am pretty busy in this week, and significant changes are made
in the series. I have to take a bit long time to review the series.
Please wait for a while.

On 10/14/19 7:07 PM, Tuong Lien wrote:
> This series provides TIPC encryption feature, kernel part. There will be
> another one in the 'iproute2/tipc' for user space to set key.
> 
> Tuong Lien (5):
>   tipc: add reference counter to bearer
>   tipc: enable creating a "preliminary" node
>   tipc: add new AEAD key structure for user API
>   tipc: introduce TIPC encryption & authentication
>   tipc: add support for AEAD key setting via netlink
> 
>  include/uapi/linux/tipc.h         |   21 +
>  include/uapi/linux/tipc_netlink.h |    4 +
>  net/tipc/Makefile                 |    2 +-
>  net/tipc/bcast.c                  |    2 +-
>  net/tipc/bearer.c                 |   52 +-
>  net/tipc/bearer.h                 |    6 +-
>  net/tipc/core.c                   |   10 +
>  net/tipc/core.h                   |    4 +
>  net/tipc/crypto.c                 | 1986 
> +++++++++++++++++++++++++++++++++++++
>  net/tipc/crypto.h                 |  166 ++++
>  net/tipc/link.c                   |   16 +-
>  net/tipc/link.h                   |    1 +
>  net/tipc/msg.c                    |   24 +-
>  net/tipc/msg.h                    |   44 +-
>  net/tipc/netlink.c                |   16 +-
>  net/tipc/node.c                   |  314 +++++-
>  net/tipc/node.h                   |   10 +
>  net/tipc/sysctl.c                 |    9 +
>  net/tipc/udp_media.c              |    1 +
>  19 files changed, 2604 insertions(+), 84 deletions(-)
>  create mode 100644 net/tipc/crypto.c
>  create mode 100644 net/tipc/crypto.h
> 


_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion

Reply via email to