July 8, 2013
Participants: Steffen Klassert
People tagged: (none)
Steffen Klassert, maintainer of IPsec networking as well as some networking and crypto drivers, suggests discussing the state of IPsec networking and its relation to general networking, crypto, and security. He would also like to discuss how CPU-intensive crypto transformations can keep up with ever-increasing network bandwidths, including parallel and NUMA-aware crypto. Finally, he is concerned that the IPsec flow cache is vulnerable to DoS attacks, especially given that it can be controlled by remote entities. Given that the IPv4 routing cache was recently removed, can the IPsec cache also be removed without degrading performance?