
Re: (IPng) out-of-band key management is like virtual circuits
> From: "Perry E. Metzger" <perry@imsi.com>
> You have to have upcalls from your kernel to deal with structured
> SAIDs, and you have to deal with different types of these structured
> SAIDs -- of course, you've only implemented the ones for SKIP, but
> what happens when someone else wants to use these structured SAIDs for
> some purpose? At which point, of course, the kernel has to distinguish
> between them and start building a switch table to decide where to do
> the upcall to. Of course it all can be done -- but it's more
> complex. It's also less modular. Without this stuff, you can replace
> key management without any kernel manipulation at all.

Perry,

I don't understand this argument at all. Allowing the *possibility*
for someone else to implement a particular kind of key-mgmt
technique doesn't force you to do any kernel manipulations at all.

The way the DEC scheme works, the key-manipulations happen
in hardware, not even in the kernel. If someone implements that,
then they have the hardware to do that. If not, then they don't do
anything. Nobody is forcing you to implement any particular
scheme in the kernel. Those of us who want to implement a
particular scheme will have the right combination of software
and hardware to do that. And it's really not as complex as you are
making it out to be.

Regards,
Ashar.