Subject: Re: Adding opencrypto, crypto acceelerator to GENERIC kernels?
To: None <sommerfeld@netbsd.org>
From: Jason Thorpe <thorpej@wasabisystems.com>
List: tech-crypto
Date: 11/18/2003 20:42:19
On Nov 18, 2003, at 8:29 PM, Bill Sommerfeld wrote:

> i'll admit to a certain lack of familiarity with the /dev/crypto
> interface, but doing software crypto in the kernel on behalf of
> userspace makes absolutely no sense unless you're implementing
> indirect keying with a trusted in-kernel keystore not accessible to
> userland...
>
> And a knob doesn't make sense for that because userland wouldn't have
> access to the keys in the first place in that case..

In general, I agree.  I would rather we not support it at all, but I 
can see how it could be useful for debugging/trouble-shooting.

         -- Jason R. Thorpe <thorpej@wasabisystems.com>