Hey, Seems like I'm stabbing into open wounds. :) First of all, thanks a lot for your comments. On Fri, Jun 11, 2010 at 11:08:56AM +0200, Sebastian Andrzej Siewior wrote: > * Nikos Mavrogiannopoulos | 2010-06-11 09:47:15 [+0200]: > > >Sebastian Andrzej Siewior wrote: > >> * Phil Sutter | 2010-06-10 20:22:29 [+0200]: > > > >The problem with right or wrong is that they are only known afterwards. > >For me the right way to go is _to go_. I can see discussions in this > >least, years ago on talks about the "perfect" userspace crypto api and > >rejections implementations because they are not perfect enough. I don't > >believe there is such thing as a perfect crypto api. Other operating > >systems have a userspace crypto API (maybe not perfect) but linux > >hasn't. I don't think this is the way to go. > > Phil asked me for my opinion and he got it. The fundumention problems > from what I've seen was the interface: > - kernel structs which are exposed to userland which limit the > parameters. For instance the iv was limited to 16 bytes while we have > allready algos with a much longer iv. > - the interface was using write()/poll()/read() and get_user_pages(). I > pointed out Herbert's opinion about this and the alternative. So this > _was_ allready discsussed. For me, this project is a rather pragmatical one - this just needs to get done, and it has to be just perfect enough so my employer finds it usable. Nice to have if I happen to create the perfect CryptoAPI user space interface ever (yeah, right ...) but this is unlikely to happen. For me it's enough to first get the concept right and next make it stable and functional. After that I'm sure we all can tell better if it's worth pushing it towards the kernel or leave it as (yet another) niche product. Greetings, Phil -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html