On Tue, Sep 7, 2010 at 4:11 PM, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxxx> wrote:
>> > This is what I am proposing for the Crypto API user-interface.
>>
>> Can you explain why we would ever want a userspace interface to it?
>>
>> Doing crypto in kernel for userspace consumers is simply insane.
>> It's computationally intensive code which has no business in kernel space
>> unless absolutely required (e.g. for kernel consumers). In addition
>> to that adding the context switch overhead and address space transitions
>> is god awful too.
>>
>> This all very much sounds like someone had far too much crack.
>
> FWIW I don't care about user-space using kernel software crypto at
> all. It's the security people that do.

Then I'd suggest to not enforce your design over to people who have
thought and have interests on that. The NCR API which you rejected (for
not supporting kernel keyring - which your design also doesn't!) has
specific security goals and protects against specific threats.

This design here has been proposed by you quite many times in the past
and neither you, nor anyone else bothered implementing it. Now we have
two working implementations that offer user-space access to crypto
operations (the OpenBSD cryptodev port, and NCR), but you discard them
and insist on a different design. Maybe yours is better (you have to
argue about that)... Probably I'd use it if it was there, but it isn't.

regards,
Nikos