Review of AEAD Encryption API Project; concluding December 5, 2008

Sam Hartman hartmans at MIT.EDU
Mon Dec 1 15:01:53 EST 2008

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Mon, Dec 01, 2008 at 02:40:19PM -0500, Sam Hartman
    Nicolas> wrote:
    >> I don't think stream buffers would be useful in the rddp case:
    >> rddp has fairly strong information about the data layout.

    Nicolas> Think of NFSv4-like COMPOUND above RDDP.  A COMPOUND
    Nicolas> could have two bulk data operations interspersed with
    Nicolas> other operations.

I'm still missing it.
Why do you think this compound will not be able to identify the crypto header and trailer?

    >> It makes the stream code significantly easier if it only has to
    >> deal with one stream buffer.  So my belief is that this is not
    >> worth the code complexity.  Based on a couple of wrong turns we
    >> made with handling padding, I think I have good handle on
    >> exactly how much complexity is introduced by supporting more
    >> buffers than is required.

    Nicolas> I understand that, but please don't paint yourselves into
    Nicolas> a corner on this.

I think expanding the API in the future would be easy from an
interface standpoint.  I think that the current behavior is to return
an error if you pass in multiple stream buffers, so you can tell which
API you have.

More information about the krbdev mailing list