[virtio-comment] Re: [V3 PATCH 1/1] virtio-crypto: introduce akcipher service

["Michael S. Tsirkin" <mst@redhat.com>]

On Thu, Jan 20, 2022 at 08:12:49AM +0000, Gonglei (Arei) wrote:
> 
> 
> > -----Original Message-----
> > From: Michael S. Tsirkin [mailto:mst@redhat.com]
> > Sent: Thursday, January 20, 2022 3:27 PM
> > To: Gonglei (Arei) <arei.gonglei@huawei.com>
> > Cc: 何磊 <helei.sig11@bytedance.com>; virtio-comment@lists.oasis-open.org;
> > pizhenwei@bytedance.com; xin.zeng@intel.com
> > Subject: Re: [V3 PATCH 1/1] virtio-crypto: introduce akcipher service
> > 
> > On Thu, Jan 20, 2022 at 05:48:09AM +0000, Gonglei (Arei) wrote:
> > >
> > >
> > > > -----Original Message-----
> > > > From: Michael S. Tsirkin [mailto:mst@redhat.com]
> > > > Sent: Wednesday, January 19, 2022 11:17 PM
> > > > To: 何磊 <helei.sig11@bytedance.com>
> > > > Cc: virtio-comment@lists.oasis-open.org; pizhenwei@bytedance.com;
> > > > xin.zeng@intel.com; Gonglei (Arei) <arei.gonglei@huawei.com>
> > > > Subject: Re: [V3 PATCH 1/1] virtio-crypto: introduce akcipher
> > > > service
> > > >
> > > > On Tue, Jan 11, 2022 at 11:14:27AM +0800, 何磊 wrote:
> > > > > Hello virtio community,
> > > > >
> > > > >         I’d like to request the TC vote on resolving the follow issue:
> > > > > 	Enhancement: https://github.com/oasis-tcs/virtio-spec/issues/129
> > > >
> > > > Does not look like we have a lot of response with this, and it seems
> > > > risky to add this now since spec freeze is imminent.
> > > > I think the right way to do it is to submit the supporting patches
> > > > to the linux kernel and probably qemu.
> > > > A bunch of crypto experts on the linux mailing list.
> > > >
> > > > In particular I note that virtio crypto already has a ton of
> > > > features that don't seem to be supported by the linux driver or
> > > > qemu.  Kind of reluctant to add more without some review from developers
> > implementing this.
> > > >
> > > >
> > > Hi Michael,
> > >
> > > I can't agree more with you. Eg. the virtio crypto doesn't support
> > > stateless mode currently in linux and qemu upstream lthough this
> > > virtio crypto spec already supports. If we expand the specification in firstly, it
> > may make it more difficult to maintain in the future.
> > >
> > > Regards,
> > > -Gonglei
> > 
> > 
> > So what's the plan with stateless btw? why isn't it used? is it completely useless?
> > why do we have it in the spec?
> > 
> 
> The stateless mode is valuable in short connection encryption scenarios. 
> It does not need to create sessions which is proposed by Stefan IIRC. 
> 
> Actually, we completed a demo before, but the demo was not pushed to the community 
> due to other arrangements in the company projects. When we find a gap, we'll push it again. :)
> 
> Regards,
> -Gonglei

Right. IOW it was added to spec too early. Can you review the
akcipher spec proposal meanwhile?

-- 
MST


This publicly archived list offers a means to provide input to the
OASIS Virtual I/O Device (VIRTIO) TC.

In order to verify user consent to the Feedback License terms and
to minimize spam in the list archive, subscription is required
before posting.

Subscribe: virtio-comment-subscribe@lists.oasis-open.org
Unsubscribe: virtio-comment-unsubscribe@lists.oasis-open.org
List help: virtio-comment-help@lists.oasis-open.org
List archive: https://lists.oasis-open.org/archives/virtio-comment/
Feedback License: https://www.oasis-open.org/who/ipr/feedback_license.pdf
List Guidelines: https://www.oasis-open.org/policies-guidelines/mailing-lists
Committee: https://www.oasis-open.org/committees/virtio/
Join OASIS: https://www.oasis-open.org/join/