james15-qc.log

sarnold jamesm: it'd make my life easier if you guys included assymmetric algorithms too :) sh0nX eep sh0nX where's jamesm? Ricardo #linux sh0nX so how is he seeing the questions? Ricardo ah Ricardo jamesq Ricardo :-) sh0nX doh sh0nX i was wondering sh0nX jamesq: can this new crypto API be used for SSH/SSL? or we still need to depend on software level crypto? sh0nX neato! sarnold i'd think cryptoloop might need to use ECB mode for random access to blocks.. is this correct? sarnold s/g lists of pages.. i'm drooling. :) addict he's probly lookin' for an answer ;) sarnold (and keeping our translators in mind :) sarnold oh, cool! :) good addict openbsd use crypto since a while, am I wrong ? sarnold addict: several releases now addict its what I thought addict do you know why linux didn't integrated it before ? seeker it was a separate patch maybe addict ok addict *btw, hi seeker* seeker ;) sh0nX Canada :) sh0nX Calgary to be exact seeker yeah sh0nX with the new crypto, is all the memory protected while in use? sh0nX i would assume so :) sarnold sh0nX: kernel memory cannot be paged to disk sh0nX good :)) sh0nX i should hope not addict are you looking for some hardware crypto such as powercrypt ? sh0nX uh oh sh0nX a side question not for #linux: how would this kernel API intergrate with *cough* Palladium ;( sarnold jamesq, which reminds me: sarnold http://support.3com.com/infodeli/tools/nic/linux.htm sh0nX sarnold: those drivers are outdated? (they didnt make a 2.5) sarnold sh0nX: that isn't surprising :) sarnold jamesq: has there been discussion on using the openbsd /dev/crypto api itself? sh0nX (C) 1999 sh0nX heh Ricardo ups Ricardo that was not meant for this channel O:) addict jamesm: could be nice to past this URL too: http://www.openbsd.org/crypto.html sarnold jamesq: how would you suggest someone try to implement, e.g, RSA for the plugin api? sarnold oh cool :) (re jean-luc cooke :) riel jamesq: did you read my idea about "random ipsec" without authentication ? does it look useful or does ipsec really need authentication to be useful ? sarnold riel: i'd guess it is useful :) addict me too riel basically the idea was to have a "default ipsec" thingy that negotiates encryption with unknown hosts riel so a large percentage of internet traffic gets encrypted riel and passive sniffing of bulk traffic becomes prohibitively expensive sarnold riel: you'd upset many major govts... ;) riel also, many hosts on the internet have connections with thousands of hosts every day, some of which _will_ have proper authentication riel so it's not safe to do a generic man-in-the-middle to grab all traffic from a host, it will probably be detected quickly riel sarnold: that's the idea riel jamesq: ahh, but it's not about real trust, it is about making passive sniffing of bulk traffic prohibitively expensive riel since ipsec hides things like the port number riel jamesq: if only 0.1% of the participating ipsec hosts have proper authentication, a MITM attack could still be detected quickly Ricardo Mmh... I think we're going to live-translate #qc too :-) Sometimes it has interesting discussion :-) Arador if we have resources we could try Ricardo ok :-) focus :-) Ricardo Some general questions on crypto? Ricardo jamesq is waiting :-) garoeda how can a normal user benefit of this? sarnold jamesq: any thoughts on theo's idea of setting aside one processor of an SMP machine for crypto tasks? jamesq should we move this to an open discussion on #linux? riel jamesq: I guess that's best addict why not garoeda translation question: is this part of the talk addict riel's idea is very interesting sarnold garoeda: dunno.. translate if you've got the hands, i guess garoeda sarnold: ok, i'll try Generated by irclog2html.pl 2.1 by Jeff Waugh - find it at freshmeat.net!

`sarnold`	`jamesm: it'd make my life easier if you guys included assymmetric algorithms too :)`
`sh0nX`	`eep`
`sh0nX`	`where's jamesm?`
`Ricardo`	`#linux`
`sh0nX`	`so how is he seeing the questions?`
`Ricardo`	`ah`
`Ricardo`	`jamesq`
`Ricardo`	`:-)`
`sh0nX`	`doh`
`sh0nX`	`i was wondering`
`sh0nX`	`jamesq: can this new crypto API be used for SSH/SSL? or we still need to depend on software level crypto?`
`sh0nX`	`neato!`
`sarnold`	`i'd think cryptoloop might need to use ECB mode for random access to blocks.. is this correct?`
`sarnold`	`s/g lists of pages.. i'm drooling. :)`
`addict`	`he's probly lookin' for an answer ;)`
`sarnold`	`(and keeping our translators in mind :)`
`sarnold`	`oh, cool! :) good`
`addict`	`openbsd use crypto since a while, am I wrong ?`
`sarnold`	`addict: several releases now`
`addict`	`its what I thought`
`addict`	`do you know why linux didn't integrated it before ?`
`seeker`	`it was a separate patch maybe`
`addict`	`ok`
`addict`	`btw, hi seeker`
`seeker`	`;)`
`sh0nX`	`Canada :)`
`sh0nX`	`Calgary to be exact`
`seeker`	`yeah`
`sh0nX`	`with the new crypto, is all the memory protected while in use?`
`sh0nX`	`i would assume so :)`
`sarnold`	`sh0nX: kernel memory cannot be paged to disk`
`sh0nX`	`good :))`
`sh0nX`	`i should hope not`
`addict`	`are you looking for some hardware crypto such as powercrypt ?`
`sh0nX`	`uh oh`
`sh0nX`	`a side question not for #linux: how would this kernel API intergrate with cough Palladium ;(`
`sarnold`	`jamesq, which reminds me:`
`sarnold`	`http://support.3com.com/infodeli/tools/nic/linux.htm`
`sh0nX`	`sarnold: those drivers are outdated? (they didnt make a 2.5)`
`sarnold`	`sh0nX: that isn't surprising :)`
`sarnold`	`jamesq: has there been discussion on using the openbsd /dev/crypto api itself?`
`sh0nX`	`(C) 1999`
`sh0nX`	`heh`
`Ricardo`	`ups`
`Ricardo`	`that was not meant for this channel O:)`
`addict`	`jamesm: could be nice to past this URL too: http://www.openbsd.org/crypto.html`
`sarnold`	`jamesq: how would you suggest someone try to implement, e.g, RSA for the plugin api?`
`sarnold`	`oh cool :) (re jean-luc cooke :)`
`riel`	`jamesq: did you read my idea about "random ipsec" without authentication ? does it look useful or does ipsec really need authentication to be useful ?`
`sarnold`	`riel: i'd guess it is useful :)`
`addict`	`me too`
`riel`	`basically the idea was to have a "default ipsec" thingy that negotiates encryption with unknown hosts`
`riel`	`so a large percentage of internet traffic gets encrypted`
`riel`	`and passive sniffing of bulk traffic becomes prohibitively expensive`
`sarnold`	`riel: you'd upset many major govts... ;)`
`riel`	`also, many hosts on the internet have connections with thousands of hosts every day, some of which _will_ have proper authentication`
`riel`	`so it's not safe to do a generic man-in-the-middle to grab all traffic from a host, it will probably be detected quickly`
`riel`	`sarnold: that's the idea`
`riel`	`jamesq: ahh, but it's not about real trust, it is about making passive sniffing of bulk traffic prohibitively expensive`
`riel`	`since ipsec hides things like the port number`
`riel`	`jamesq: if only 0.1% of the participating ipsec hosts have proper authentication, a MITM attack could still be detected quickly`
`Ricardo`	`Mmh... I think we're going to live-translate #qc too :-) Sometimes it has interesting discussion :-)`
`Arador`	`if we have resources we could try`
`Ricardo`	`ok :-) focus :-)`
`Ricardo`	`Some general questions on crypto?`
`Ricardo`	`jamesq is waiting :-)`
`garoeda`	`how can a normal user benefit of this?`
`sarnold`	`jamesq: any thoughts on theo's idea of setting aside one processor of an SMP machine for crypto tasks?`
`jamesq`	`should we move this to an open discussion on #linux?`
`riel`	`jamesq: I guess that's best`
`addict`	`why not`
`garoeda`	`translation question: is this part of the talk`
`addict`	`riel's idea is very interesting`
`sarnold`	`garoeda: dunno.. translate if you've got the hands, i guess`
`garoeda`	`sarnold: ok, i'll try`