Review of AEAD Encryption API Project; concluding December 5, 2008
hartmans at MIT.EDU
Mon Dec 1 15:01:53 EST 2008
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> On Mon, Dec 01, 2008 at 02:40:19PM -0500, Sam Hartman
>> I don't think stream buffers would be useful in the rddp case:
>> rddp has fairly strong information about the data layout.
Nicolas> Think of NFSv4-like COMPOUND above RDDP. A COMPOUND
Nicolas> could have two bulk data operations interspersed with
Nicolas> other operations.
I'm still missing it.
Why do you think this compound will not be able to identify the crypto header and trailer?
>> It makes the stream code significantly easier if it only has to
>> deal with one stream buffer. So my belief is that this is not
>> worth the code complexity. Based on a couple of wrong turns we
>> made with handling padding, I think I have good handle on
>> exactly how much complexity is introduced by supporting more
>> buffers than is required.
Nicolas> I understand that, but please don't paint yourselves into
Nicolas> a corner on this.
I think expanding the API in the future would be easy from an
interface standpoint. I think that the current behavior is to return
an error if you pass in multiple stream buffers, so you can tell which
API you have.
More information about the krbdev