I've said I'm not sure about the validity of that reasoning.
replyI've liked it nevertheless for context, as augmentation to parent's post.
I feel like it should be possible to fulfill these advantages with a minimal, not very complex API. I.e. the grandparent's comment about IPsec implementation details doesn't make the cut, but a hardware accelerated cipher implementation does.
replyBut is it true or not? Whoever wrote it. (for objective truth the subjects are unimportant)
replyIt might have been true in 2002 but it hasn't been true since at least about 2010.
replyYou've almost certainly never had a system that supported any hardware accelerated crypto that also required a kernel module.
It's much easier to expose as cpu extensions.
When you can’t know the objective truth or when there isn’t one (as is the case in making decisions about security tradeoffs in software design), knowing the source of the argument is vital to interpreting its validity.
replyI disagree 100%. Software security tradeoffs are definitely the sort of thing where you can evaluate arguments on their merits.
reply