Re: Re[2]: key management

["Perry E. Metzger" <perry@imsi.com>]

"Housley, Russ" says:
> I am not trying to put a straight-jacket on anyone or on any design.  
> Rather, I am trying to preserve some layer independence.  Layer 
> independence has allowed many experiments to proceed on the Internet 
> because they could take advantage of the services provided by existing 
> protocol layers.

There is so little layer independence in, for example, the BSD
networking code (perhaps the most widely deployed implementation) that
I see little reason to try to preserve an illusion of something that
was never there. This is not to say that the code is badly structured
-- it is well built. Layer violations are, however, required to deal
with real-world networking.

> If one layer must provide parameters that it would not otherwise care 
> about, then the layers are not indpenedent.

You mean like the fact that the ip_output routine in the BSD kernel is
written to allow per-socket caching of routing information?  In the
pristine, pure, layered universe that never was we weren't supposed to
have the transport know about the existence of routing. How about the
flags and options passed down from the transport? Guess we can't have
those, either.

Quoting Padlipsky, "Do you want protocols that look nice or protocols
that work nice?"

Actually, I the mechanism I've proposed looks nice, too. Its a
remarkably clean mechanism. I've been playing with what it does to the
applications and the kernel internals and it looks like it achieves my
personal goals for simplicity combined with power.

Perry

---

References:

• Re: Re[2]: key management
• From: "Housley, Russ" <housley@spyrus.com>

---

• Prev by Date: Proposal: user-keys are implementation decision
• Next by Date: Re: randomness & perfect forward (or proactive?) secrecy
• Prev by thread: Re: Re[2]: key management
• Next by thread: Re: Re[2]: key management
• Index(es):
  • Main
  • Thread