Am 01.02.23 um 14:39 schrieb Christoph Hellwig:
On Wed, Feb 01, 2023 at 01:04:40PM +0100, Stefan Metzmacher wrote:
I think it is a security problem to send confidential data in plaintext over the wire, so we should avoid doing that even if rdma is in use.
Yep.
Modern Windows servers support signed and encrypted rdma offload, but we don't support this yet...
There is a series out on the list for encryption offload to mlx5 hardware, whch is one way to handle this. If not you need to bounce buffer.
Yes, I saw that, but I don't think it's usable, windows is using aes-{128,256}-{gcm,ccm}...
metze