
Re: IPv6 Security Last Call Initial Questions (per user keying)



   Date: Fri, 31 Mar 1995 12:33:39 -0800
   From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)

   Setting the security context information outside the kernel and doing so
   on a per-user basis are two very different things. When per-host keying
   is used, the IP implementation already has enough information, e.g., the
   destination address, to pass to a user-level daemon to establish/access a
   security context. When per-user keying is used, there will be changes
   required to the socket/TLI/XTI/etc/ interfaces so that an application can
   pass an SPI and security context information to the kernel.

And you consider this difficult?  As someone who does kernel hacking for
recreational purposes, adding a socket-level interface which will allow
this information to be passed in on a per-socket level, I would think
this will actually be easier to do than the necessary work of defining
a new interface for specifying which key needs to be used on a per-host
basis.

						- Ted