
Re: Re[4]: key management




"Housley, Russ" says:
> However, the use you describe of the SAID might impact the 
> distant implementation.  I think I have already given one example.

I agree that handling per-socket SAIDs will indeed require that both
the local and the remote host have their transport implementations
understand how to perform these actions. The changes to the transport,
however, seem small -- they end up being a truly tiny amount of
code. Given that for a small change one can gain pretty big wins, I
think it's a worthwhile feature to layer on top of IPSP. Even ignoring
user issues, it is very natural to want different kinds of traffic to
get different kinds of encryption applied, and this is the only
reasonable way that I can think of to achieve that.

Perry

