From: Jakub Kicinski <kuba@kernel.org>
To: Simo Sorce <simo@redhat.com>
Cc: Apoorv Kothari <apoorvko@amazon.com>,
sd@queasysnail.net, borisp@nvidia.com, dueno@redhat.com,
fkrenzel@redhat.com, gal@nvidia.com, netdev@vger.kernel.org,
tariqt@nvidia.com
Subject: Re: [PATCH net-next 0/5] tls: implement key updates for TLS1.3
Date: Wed, 25 Jan 2023 15:08:36 -0800 [thread overview]
Message-ID: <20230125150836.590fae7a@kernel.org> (raw)
In-Reply-To: <b2079e8c46815eedf40987e3c967e356242e3c52.camel@redhat.com>
On Wed, 25 Jan 2023 18:05:38 -0500 Simo Sorce wrote:
> > > If it is not guaranteed, are you blocking use of AES GCM and any other
> > > block cipher that may have very bad failure modes in a situation like
> > > this (in the case of AES GCM I am thinking of IV reuse) ?
> >
> > I don't know what you mean.
>
> The question was if there is *any* case where re-transmission can cause
> different data to be encrypted with the same key + same IV
Not in valid use cases. With zero-copy / sendfile Tx technically
the page from the page cache can change between tx and rtx, but
the user needs to opt in explicitly acknowledging the application
will prevent this from happening. If they don't opt-in we'll copy
the data.
next prev parent reply other threads:[~2023-01-25 23:08 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-17 13:45 [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 1/5] tls: remove tls_context argument from tls_set_sw_offload Sabrina Dubroca
2023-01-18 23:12 ` Vadim Fedorenko
2023-01-17 13:45 ` [PATCH net-next 2/5] tls: block decryption when a rekey is pending Sabrina Dubroca
2023-01-19 2:10 ` [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Apoorv Kothari
2023-01-17 13:45 ` [PATCH net-next 3/5] tls: implement rekey " Sabrina Dubroca
2023-01-17 23:16 ` Kuniyuki Iwashima
2023-01-18 10:38 ` Sabrina Dubroca
2023-01-19 1:25 ` Apoorv Kothari
2023-01-19 15:16 ` Sabrina Dubroca
2023-01-18 23:10 ` Vadim Fedorenko
2023-01-19 15:14 ` Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 4/5] selftests: tls: add key_generation argument to tls_crypto_info_init Sabrina Dubroca
2023-01-17 13:45 ` [PATCH net-next 5/5] selftests: tls: add rekey tests Sabrina Dubroca
2023-01-20 6:51 ` Apoorv Kothari
2023-01-18 2:03 ` [PATCH net-next 0/5] tls: implement key updates for TLS1.3 Jakub Kicinski
2023-01-18 10:06 ` Sabrina Dubroca
2023-01-19 2:55 ` Jakub Kicinski
2023-01-19 9:27 ` Gal Pressman
2023-01-23 10:13 ` Boris Pismenny
2023-01-24 15:56 ` Sabrina Dubroca
2023-01-25 18:47 ` Apoorv Kothari
2023-01-25 18:57 ` Jakub Kicinski
2023-01-25 21:17 ` Simo Sorce
2023-01-25 22:43 ` Jakub Kicinski
2023-01-25 23:05 ` Simo Sorce
2023-01-25 23:08 ` Jakub Kicinski [this message]
2023-01-25 23:52 ` Simo Sorce
2023-01-19 15:40 ` Sabrina Dubroca
2023-01-19 17:00 ` Jakub Kicinski
2023-01-19 20:51 ` Apoorv Kothari
2023-01-20 1:37 ` Vadim Fedorenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230125150836.590fae7a@kernel.org \
--to=kuba@kernel.org \
--cc=apoorvko@amazon.com \
--cc=borisp@nvidia.com \
--cc=dueno@redhat.com \
--cc=fkrenzel@redhat.com \
--cc=gal@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=simo@redhat.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).