David Miller <davem@xxxxxxxxxxxxx> wrote: >> >> VIA padlock engine or RSA? The former is heavily used in the wild, but >> why would anyone want to use RSA in the kernel? > > Automatic SSL done in-kernel on user data for socket I/O, with > hardware offload from the crypto layer when available. AFAIK asymmetric crypto is only used for SSL key exchange and not on the data transfers so I'm not sure whether this would be that useful. This is pretty much the same situation with IPsec where we delegate the key exchange to the userspace KMs. Now having in-kernel SSL data exchange support using the crypto API would be pretty cool and would provide the same level of crypto support to SSL users as we do for IPsec. So far the only proposed user for RSA in-kernel seems to be module signing and I'm staying well away from that debate :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
