Subject: Re: [PATCH V3 11/12] NetworkPkg/Defines: Make iSCSI disable as default
From: "Laszlo Ersek"
Date: Wed, 11 Nov 2020 23:11:02 +0100
To: Zhichao Gao, devel@edk2.groups.io
Cc: Jordan Justen, Ard Biesheuvel, Sami Mujawar, Leif Lindholm, Jiewen Yao, Jian J Wang, Xiaoyu Lu, Guomin Jiang, Michael D Kinney, Kelly Steele, Zailiang Sun, Yi Qian, Liming Gao, Maciej Rabeda, Jiaxin Wu, Siyuan Fu
In-Reply-To: <20201110173651.54036-12-zhichao.gao@intel.com>

On 11/10/20 18:36, Zhichao Gao wrote:
> REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3003
>
> iSCSI is using the undeprecated function MD5. It is

(1) I think you meant "deprecated"

> better to make the default setting secure. If the platforms
> want to use the iSCSI, they should enable it in the platforms'
> dsc file and be aware they are using an unsafe function.

(2) I suggest replacing "unsafe function" with "function with weak cryptography".

>
> Cc: Jordan Justen
> Cc: Laszlo Ersek
> Cc: Ard Biesheuvel
> Cc: Sami Mujawar
> Cc: Leif Lindholm
> Cc: Jiewen Yao
> Cc: Jian J Wang
> Cc: Xiaoyu Lu
> Cc: Guomin Jiang
> Cc: Michael D Kinney
> Cc: Kelly Steele
> Cc: Zailiang Sun
> Cc: Yi Qian
> Cc: Liming Gao
> Cc: Maciej Rabeda
> Cc: Jiaxin Wu
> Cc: Siyuan Fu
> Signed-off-by: Zhichao Gao
> --- > NetworkPkg/NetworkDefines.dsc.inc | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/NetworkPkg/NetworkDefines.dsc.inc b/NetworkPkg/NetworkDefines.dsc.inc > index a442d1b157..18921d81f6 100644 > --- a/NetworkPkg/NetworkDefines.dsc.inc > +++ b/NetworkPkg/NetworkDefines.dsc.inc
> @@ -17,7 +17,7 @@ > # DEFINE NETWORK_TLS_ENABLE = TRUE > # DEFINE NETWORK_HTTP_BOOT_ENABLE = TRUE > # DEFINE NETWORK_ALLOW_HTTP_CONNECTIONS = FALSE > -# DEFINE NETWORK_ISCSI_ENABLE = TRUE > +# DEFINE NETWORK_ISCSI_ENABLE = FALSE > # DEFINE NETWORK_VLAN_ENABLE = TRUE > # > # Copyright (c) 2019, Intel Corporation. All rights reserved.
> @@ -101,7 +101,7 @@ > # Both OpensslLib.inf and OpensslLibCrypto.inf library instance can be used > # since libssl is not required for iSCSI. > # > - DEFINE NETWORK_ISCSI_ENABLE = TRUE > + DEFINE NETWORK_ISCSI_ENABLE = FALSE > !endif > > !if $(NETWORK_ENABLE) == TRUE >

With the above commit message updates:

Reviewed-by: Laszlo Ersek

Thanks
Laszlo
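
Review bot: In the @@ -17,7 +17,7 @@ hunk, the header comment's list of defaults now shows NETWORK_ISCSI_ENABLE = FALSE without saying why, so the rationale (iSCSI depends on MD5) lives only in the commit message. Suggest adding a short remark next to that line stating that iSCSI is off by default because it uses MD5, and that a platform setting it to TRUE in its DSC is opting in to weak cryptography.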
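
Review bot: In the @@ -101,7 +101,7 @@ hunk, changing the DEFINE before the !endif to FALSE alters the result for any platform DSC that includes this file without setting NETWORK_ISCSI_ENABLE itself, and nothing in the visible lines tells such a platform that iSCSI has dropped out of its build. Suggest extending the comment above the DEFINE, next to the OpensslLib remark, to say that platforms needing iSCSI must set NETWORK_ISCSI_ENABLE = TRUE in their own DSC, and having the commit message name the in-tree platforms that need that explicit setting.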