Steffen Klassert: State of the IPsec networking subsystem

July 8, 2013

Participants: Steffen Klassert

People tagged: (none)

Steffen Klassert, maintainer of IPsec networking as well as some networking and crypto drivers, suggests discussing the state of IPsec networking and its relation to general networking, crypto, and security. He would also like to discuss how CPU-intensive crypto transformations can keep up with ever-increasing network bandwidths, including parallel and NUMA-aware crypto. Finally, he is concerned that the IPsec flow cache is vulnerable to DoS attacks, especially given that it can be controlled by remote entities. Given that the IPv4 routing cache was recently removed, can the IPsec cache also be removed without degrading performance?