Review of AEAD Encryption API Project; concluding December 5, 2008

Nicolas Williams Nicolas.Williams at
Mon Dec 1 15:41:26 EST 2008

On Mon, Dec 01, 2008 at 02:05:40PM -0600, Nicolas Williams wrote:
> >     Nicolas> I understand that, but please don't paint yourselves into
> >     Nicolas> a corner on this.
> > 
> > I think expanding the API in the future would be easy from an
> > interface standpoint.  I think that the current behavior is to return
> > an error if you pass in multiple stream buffers, so you can tell which
> > API you have.
> Make sure the same applies to the GSS-API extensions.

One thing that seems potentially important would be to communicate to
the application what alignment is preferred.  Splitting encryption or
decryption of a block of data across two chunks is likely to cause
performance problems (think of crypto HW).


More information about the krbdev mailing list