Message ID | cover.1675252643.git.metze@samba.org |
---|---|
Headers | show |
Series | avoid plaintext rdma offset if encryption is required | expand |
On Wed, Feb 01, 2023 at 01:04:40PM +0100, Stefan Metzmacher wrote: > I think it is a security problem to send confidential data in plaintext > over the wire, so we should avoid doing that even if rdma is in use. Yep. > Modern Windows servers support signed and encrypted rdma offload, > but we don't support this yet... There is a series out on the list for encryption offload to mlx5 hardware, whch is one way to handle this. If not you need to bounce buffer.
Am 01.02.23 um 14:39 schrieb Christoph Hellwig: > On Wed, Feb 01, 2023 at 01:04:40PM +0100, Stefan Metzmacher wrote: >> I think it is a security problem to send confidential data in plaintext >> over the wire, so we should avoid doing that even if rdma is in use. > > Yep. > >> Modern Windows servers support signed and encrypted rdma offload, >> but we don't support this yet... > > There is a series out on the list for encryption offload to mlx5 > hardware, whch is one way to handle this. If not you need to bounce > buffer. Yes, I saw that, but I don't think it's usable, windows is using aes-{128,256}-{gcm,ccm}... metze