On Wed, 15 Feb 2023 18:29:50 +0100 Sabrina Dubroca wrote: > > And how will we handle re-keying in offload? > > Sorry for the stupid question... do you mean that I need to solve that > problem before this series can progress, or that the cover letter > should summarize the state of the discussion? I maintain that 1.3 offload is much more important than rekeying. Offloads being available for 1.2 may be stalling adoption of 1.3 (just a guess, I run across this article mentioning 1.2 being used in Oracle cloud for instance: https://blogs.oracle.com/cloudsecurity/post/how-oci-helps-you-protect-data-with-default-encryption could be because MITM requirements, or maybe they have HW which can only do 1.2? Dunno). But I'm willing to compromise, we just need a solid plan of how to handle the inevitable. I'm worried that how this will pay out is: - you don't care about offload and add rekey - vendors don't care about rekey and add 1.3 ... time passes ... - both you and the vendors have moved on - users run into issues, waste their time debugging and eventually report the problem upstream - it's on me to fix? :(
