[PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms
Hannes Reinecke
hare at suse.de
Mon Jul 19 02:56:49 PDT 2021
On 7/19/21 11:23 AM, Sagi Grimberg wrote:
>
>> TLS 1.3 specifies ECDH and curve25517 in addition to the FFDHE
>> groups, and these are already implemented in the kernel.
>
> So?
>
>> So add support for these non-standard groups for NVMe in-band
>> authentication to validate the augmented challenge implementation.
>
> Why? why should users come to expect controllers to support it?
Having ECDH and curve25517 algorithms (which are known-good
implementations) allows one to validate the ffdhe implementation, ie to
ensure that the remainder of the protocol works as designed, even if the
ffdhe implementation might not.
And one could argue that TLS1.3 specifies all of these algorithms, so
NVMe with it's explicit reference to TLS should do so, too.
But I don't insist on it; it's just nice for debugging, that's all.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
More information about the Linux-nvme
mailing list