Review of AEAD Encryption API Project; concluding December 5, 2008

[Sam Hartman]

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:

    Nicolas> On Mon, Dec 01, 2008 at 02:40:19PM -0500, Sam Hartman
    Nicolas> wrote:
    >> I don't think stream buffers would be useful in the rddp case:
    >> rddp has fairly strong information about the data layout.

    Nicolas> Think of NFSv4-like COMPOUND above RDDP.  A COMPOUND
    Nicolas> could have two bulk data operations interspersed with
    Nicolas> other operations.

I'm still missing it.
Why do you think this compound will not be able to identify the crypto header and trailer?

    >> It makes the stream code significantly easier if it only has to
    >> deal with one stream buffer.  So my belief is that this is not
    >> worth the code complexity.  Based on a couple of wrong turns we
    >> made with handling padding, I think I have good handle on
    >> exactly how much complexity is introduced by supporting more
    >> buffers than is required.

    Nicolas> I understand that, but please don't paint yourselves into
    Nicolas> a corner on this.

I think expanding the API in the future would be easy from an
interface standpoint.  I think that the current behavior is to return
an error if you pass in multiple stream buffers, so you can tell which
API you have.