[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions (per user keying)

   Date: Fri, 31 Mar 1995 12:33:39 -0800
   From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)

   Setting the security context information outside the kernel and doing so
   on a per-user basis are two very different things. When per-host keying
   is used, the IP implementation already has enough information, e.g., the
   destination address, to pass to a user-level daemon to establish/access a
   security context. When per-user keying is used, there will be changes
   required to the socket/TLI/XTI/etc/ interfaces so that an application can
   pass an SPI and security context information to the kernel.

And you consider this difficult?  As someone who does kernel hacking for
recreational purposes, adding a socket-level interface which will allow
this information to be passed in on a per-socket level, I would think
this will actually be easier than to do than necessary work of defining
a new interface for specifying which key needs to be used on a per-host

						- Ted