tech-security: Re: hardware crypto (fwd)

Subject: Re: hardware crypto (fwd)
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
From: None <itojun@iijlab.net>
List: tech-security
Date: 04/13/2000 00:31:14

  by mail.netbsd.org with SMTP; 12 Apr 2000 15:32:11 -0000
	by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id AAA07496;
	Thu, 13 Apr 2000 00:31:14 +0900 (JST)
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
cc: hubert.feyrer@informatik.fh-regensburg.de, tech-security@netbsd.org
In-reply-to: sommerfeld's message of Tue, 11 Apr 2000 16:43:40 -0400.
      <200004112043.UAA15130@orchard.arlington.ma.us>
Subject: Re: hardware crypto (fwd) 
From: itojun@iijlab.net
Date: Thu, 13 Apr 2000 00:31:14 +0900
Message-ID: <7494.955553474@coconut.itojun.org>


>Angelos Keromytis did at least some of the hardware crypto support
>work for OpenBSD -- last IETF meeting he encouraged us to at least
>look at it and possibly also pick it up.  I don't have cycles at this
>very moment to look at it, but ...

	I'll definitely need to look at openbsd.  after quick browse,
	there's one major difference in kame-ipsec and openbsd-ipsec code
	orientation.  in openbsd-ipsec a packet will visit ip_input or
	ip_output more than once.  kame-ipsec tries to avoid it.
	this makes some difference in creating ipsec processing queue.

itojun