netdev.vger.kernel.org archive mirror
From: Stephen Hemminger <stephen@networkplumber.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: netdev@vger.kernel.org, David Ahern <dsahern@gmail.com>,
	Andrea Mayer <andrea.mayer@uniroma2.it>,
	David Lebrun <dlebrun@google.com>
Subject: Re: [PATCH iproute2-next v2] man8: ip-sr: Document that passphrase must be high-entropy
Date: Wed, 20 Aug 2025 12:54:58 -0700
Message-ID: <20250820125458.0335f600@hermes.local>
In-Reply-To: <20250820184317.GA1838@quark>

On Wed, 20 Aug 2025 11:43:17 -0700
Eric Biggers <ebiggers@kernel.org> wrote:

> On Wed, Aug 20, 2025 at 09:25:35AM -0700, Stephen Hemminger wrote:
> > On Fri, 15 Aug 2025 20:18:46 -0700
> > Eric Biggers <ebiggers@kernel.org> wrote:
> >   
> > > diff --git a/man/man8/ip-sr.8 b/man/man8/ip-sr.8
> > > index 6be1cc54..cd8c5d18 100644
> > > --- a/man/man8/ip-sr.8
> > > +++ b/man/man8/ip-sr.8
> > > @@ -1,6 +1,6 @@
> > > -.TH IP\-SR 8 "14 Apr 2017" "iproute2" "Linux"
> > > +.TH IP\-SR 8 "15 Aug 2025" "iproute2" "Linux"  
> > 
> > NAK - do not change man page date for each change.  
> 
> Sure, if that's the convention for this project.  Note that this differs
> from the convention used by most projects with dated man pages.  The
> purpose of the date is normally to indicate how fresh the man page is.
> 
> > >  .SH "NAME"
> > >  ip-sr \- IPv6 Segment Routing management
> > >  .SH SYNOPSIS
> > >  .sp
> > >  .ad l
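
Review bot: the `.TH` date bump on the first changed line is unrelated to the passphrase wording this patch documents. Drop it from this patch, or send it separately, so the change touches only the text being documented.
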
> > > @@ -32,13 +32,21 @@ internal parameters.
> > >  .PP
> > >  Those parameters include the mapping between an HMAC key ID and its associated
> > >  hashing algorithm and secret, and the IPv6 address to use as source for encapsulated
> > >  packets.
> > >  .PP
> > > -The \fBip sr hmac set\fR command prompts for a passphrase that will be used as the
> > > -HMAC secret for the corresponding key ID. A blank passphrase removes the mapping.
> > > -The currently supported algorithms for \fIALGO\fR are \fBsha1\fR and \fBsha256\fR.
> > > +The \fBip sr hmac set\fR command prompts for a newline-terminated "passphrase"  
> > 
> > That implies that newline is part of the pass phrase.  
> 
> Not really.  "NUL-terminated" strings don't include the NUL in the
> string content.  If you prefer, it could be made explicit as follows:
> 
>     The \fBip sr hmac set\fR command prompts for a "passphrase" that
>     will be used as the HMAC secret for the corresponding key ID. The
>     passphrase is terminated by a newline, but the terminating newline
>     is not included in the resulting passphrase.
> 
> But I don't think it's very useful, as it's not needed to know how to
> use the command correctly.
> 
> > The code to read the password is using getpass(), which is marked as obsolete
> > in glibc. readpassphrase is preferred.  
> 
> Is that relevant to this documentation patch?
> 
> > > +that will be used as the HMAC secret for th
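
Review bot: in the added sentence that begins "prompts for a newline-terminated "passphrase"", say explicitly that the terminating newline is not part of the HMAC secret, so that anyone supplying the secret knows exactly which bytes make up the key. The three removed lines also stated that a blank passphrase removes the mapping and listed the supported \fIALGO\fR values; check that the replacement text still states both.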

Since this is the only part of iproute2 that uses getpass(), it probably should
be rethought. Having the key come from the terminal seems hard to script
and awkward.
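
The newline semantics discussed in this thread, as an added example that is not part of the original message and not iproute2 code: a C reader that takes a newline-terminated secret from any stream (a pipe or file as well as a terminal), leaves the terminator out of the key, and rejects an over-long line instead of truncating it. The names `read_secret`, `read_secret_from_text` and `scrub` are hypothetical, and the sample input is constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() and ssize_t */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

static void scrub(void *p, size_t len)
{
    volatile unsigned char *v = p;   /* volatile: the stores are not elided */
    while (len--) *v++ = 0;
}

/* Hypothetical helper, not iproute2 code. Reads one secret from `in`; the
 * terminating newline is consumed but not stored. Returns the length (0 for a
 * blank line) or -1 on empty input, read error, or a line that does not fit. */
ssize_t read_secret(FILE *in, char *buf, size_t buflen)
{
    size_t n = 0;
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (n + 1 >= buflen)
            goto fail;   /* never truncate silently: that weakens the key */
        buf[n++] = (char)c;
    }
    if (buflen == 0 || (c == EOF && (n == 0 || ferror(in))))
        goto fail;
    buf[n] = '\0';
    return (ssize_t)n;
fail:
    scrub(buf, buflen);
    return -1;
}

/* Runs read_secret() over an in-memory string, standing in for a pipe or file. */
ssize_t read_secret_from_text(const char *text, char *buf, size_t buflen)
{
    FILE *in = fmemopen((void *)text, strlen(text), "r");
    ssize_t len = in ? read_secret(in, buf, buflen) : -1;
    if (in) fclose(in);
    return len;
}

int main(void)
{
    char key[64];   /* the sample input below is constructed */
    ssize_t len = read_secret_from_text("0123456789abcdef\n", key, sizeof(key));
    printf("secret length: %zd\n", len);
    scrub(key, sizeof(key));
    return len < 0;
}
```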

Thread overview: 8+ messages
2025-08-16  3:18 [PATCH iproute2-next v2] man8: ip-sr: Document that passphrase must be high-entropy Eric Biggers
2025-08-20 16:25 ` Stephen Hemminger
2025-08-20 18:43   ` Eric Biggers
2025-08-20 19:54     ` Stephen Hemminger [this message]
2025-08-20 22:07       ` Andrea Mayer
2025-08-21  3:21         ` Eric Biggers
2025-08-22 23:39           ` Paolo Lungaroni
2025-08-23  0:08             ` Eric Biggers
