
Linux 4.13 support for TLS record layer in kernel space - FiloSottile
https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt
======
merricksb
Active discussion:

[https://news.ycombinator.com/item?id=15164568](https://news.ycombinator.com/item?id=15164568)

------
TheDong
One of my pet peeves is linking to 'master' in git repos.

This link has a higher chance than usual to link-rot because it's intentional
that the repo can change its structure over time. Even if it doesn't change
its structure, it's likely the file will change over time, so discussion here
referencing line numbers or paragraphs or whatever will become wrong.

Repos shouldn't have to worry about people linking to them either (as e.g. a
reason to not move files around willy-nilly).

Since by (rather strong) convention tags are immutable, you can link to a tag
instead.

In this case:
[https://github.com/torvalds/linux/blob/v4.13/Documentation/n...](https://github.com/torvalds/linux/blob/v4.13/Documentation/networking/tls.txt)

That link is also better because it explicitly shows the version of the repo
that is being referenced as well.

Even if there isn't a suitable tag, I'd much prefer a link to the commit hash
than any branch, which is expected to move.

------
fulafel
A link to the discussion would be good?

edit: [https://lwn.net/Articles/725721/](https://lwn.net/Articles/725721/) has
links, the paper has some discussion - one motivation is hardware offload.

~~~
snuxoll
Wouldn’t this help implement sendfile for TLS connections as well?

~~~
GrayShade
It might, it's also in the paper linked in the commit message:
[https://netdevconf.org/1.2/papers/ktls.pdf](https://netdevconf.org/1.2/papers/ktls.pdf)

------
agnokapathetic
What could possibly go wrong?

~~~
fulafel
A lot, but note that this is only the record layer, after the most error-prone
parts like the negotiation, certificate parsing, etc. are done.

(Sadly there is an X.509 parser, used for other purposes, in the kernel:
[http://cateee.net/lkddb/web-lkddb/X509_CERTIFICATE_PARSER.ht...](http://cateee.net/lkddb/web-lkddb/X509_CERTIFICATE_PARSER.html))

