On 8/21/22 2:34 PM, Leonard Crestez wrote:
> On 8/18/22 19:59, Dmitry Safonov wrote:
>> This patchset implements the TCP-AO option as described in RFC5925. There
>> is a request from industry to move away from TCP-MD5SIG and it seems the time
>> is right to have a TCP-AO upstreamed. This TCP option is meant to replace
>> the TCP MD5 option and address its shortcomings. Specifically, it provides
>> more secure hashing, key rotation and support for long-lived connections
>> (see the summary of TCP-AO advantages over TCP-MD5 in (1.3) of RFC5925).
>> The patch series starts with six patches that are not specific to TCP-AO
>> but implement a general crypto facility that we thought is useful
>> to eliminate code duplication between TCP-MD5SIG and TCP-AO as well as other
>> crypto users. These six patches are being submitted separately in
>> a different patchset [1]. Including them here will show better the gain
>> in code sharing. Next are 18 patches that implement the actual TCP-AO option,
>> followed by patches implementing selftests.
>>
>> The patch set was written as a collaboration of three authors (in alphabetical
>> order): Dmitry Safonov, Francesco Ruggeri and Salam Noureddine. Additional
>> credits should be given to Prasad Koya, who was involved in early prototyping
>> a few years back. There is also a separate submission done by Leonard Crestez
>> whom we thank for his efforts getting an implementation of RFC5925 submitted
>> for review upstream [2]. This is an independent implementation that makes
>> different design decisions.
>
> Is this based on something that Arista has had running for a while now
> or is a recent new development?
> ...
> Seeing an entirely distinct unrelated implementation is very unexpected.
> What made you do this?
>

I am curious as well. You are well aware of Leonard's efforts which go back
a long time, why go off and do a separate implementation?