Re[2]: Granularity of authentication in swIPe
Ted:
You said:
> It depends on how you look at it. If IPSP always passes a pointer
> of the header structure to the crypto software along with the
> ciphertext portion of the packet, the IPSP layer need not "know"
> anything about what, if anything, some particular crypto layer
> might use from the header portion of the packet. It does have the
> downside of making it harder to reuse that interface crypto layer
> for some other non-IPSP layer on top --- but I'm not convinced
> that that level of modularity is really all that worthwhile.
Boy, do I disagree. Most cryptographic libraries do not include parsers
for protocol headers. Rather, the protocol engine parses the header, and
then it calls on the cryptographic library to encrypt, decrypt, etc. I just
do not see cryptography as a "layer." Rather, I see a security protocol as
a "layer" that uses cryptographic modules.
Russ