Re: [tipc-discussion] [PATCH RFC 0/5] TIPC encryption

[Jon M. <jon...@er...>]

Tuong, Ying
I am ok with a kernel option, as long as it is enabled by default. I can imagine smaller embedded systems where the deployer want a small module, and encryption anyway is managed differently, or not at all.

///jon


> -----Original Message-----
> From: Tuong Lien Tong <tuo...@de...>
> Sent: 4-Nov-19 06:30
> To: 'Xue, Ying' <Yin...@wi...>; tip...@li...; Jon Maloy
> <jon...@er...>; ma...@do...
> Subject: RE: [PATCH RFC 0/5] TIPC encryption
> 
> Hi Ying,
> 
> Thanks a lot for reviewing the series!
> Your idea of a new kernel option is fine, but I'm not sure what its goal is. The new code is already "disabled"
> by default unless there's a key set by user, so it's generally still under user's control... The advantage I can
> see is the module's size but it is not that much (compared to the whole kernel). On the other hand, we will
> need to custom the kernel to get the feature on and some additional code for the "ifdef...else..."
> instructions. Do we really need the option?
> 
> @Jon: What is your opinion about this?
> 
> BR/Tuong
> 
> -----Original Message-----
> From: Xue, Ying <Yin...@wi...>
> Sent: Friday, November 1, 2019 9:20 PM
> To: Tuong Lien <tuo...@de...>; tip...@li...;
> jon...@er...; ma...@do...
> Subject: RE: [PATCH RFC 0/5] TIPC encryption
> 
> Good job.
> 
> This is a big and complex feature. Particularly for most of users who might not consider to use this feature,
> please consider to give them a choice to completely disable it by adding a new kernel option like
> TIPC_CRYPTO.
> 
> Thanks,
> Ying
> 
> -----Original Message-----
> From: Tuong Lien [mailto:tuo...@de...]
> Sent: Monday, October 14, 2019 7:07 PM
> To: tip...@li...; jon...@er...; ma...@do...; Xue, Ying
> Subject: [PATCH RFC 0/5] TIPC encryption
> 
> This series provides TIPC encryption feature, kernel part. There will be
> another one in the 'iproute2/tipc' for user space to set key.
> 
> Tuong Lien (5):
>   tipc: add reference counter to bearer
>   tipc: enable creating a "preliminary" node
>   tipc: add new AEAD key structure for user API
>   tipc: introduce TIPC encryption & authentication
>   tipc: add support for AEAD key setting via netlink
> 
>  include/uapi/linux/tipc.h         |   21 +
>  include/uapi/linux/tipc_netlink.h |    4 +
>  net/tipc/Makefile                 |    2 +-
>  net/tipc/bcast.c                  |    2 +-
>  net/tipc/bearer.c                 |   52 +-
>  net/tipc/bearer.h                 |    6 +-
>  net/tipc/core.c                   |   10 +
>  net/tipc/core.h                   |    4 +
>  net/tipc/crypto.c                 | 1986 +++++++++++++++++++++++++++++++++++++
>  net/tipc/crypto.h                 |  166 ++++
>  net/tipc/link.c                   |   16 +-
>  net/tipc/link.h                   |    1 +
>  net/tipc/msg.c                    |   24 +-
>  net/tipc/msg.h                    |   44 +-
>  net/tipc/netlink.c                |   16 +-
>  net/tipc/node.c                   |  314 +++++-
>  net/tipc/node.h                   |   10 +
>  net/tipc/sysctl.c                 |    9 +
>  net/tipc/udp_media.c              |    1 +
>  19 files changed, 2604 insertions(+), 84 deletions(-)
>  create mode 100644 net/tipc/crypto.c
>  create mode 100644 net/tipc/crypto.h
> 
> --
> 2.13.7
>