Photuris

["Aggelos D. Keromitis" <kermit@forthnet.gr>]

The Photuris draft says that the local address should be used for cookie
generation and distinguishing simultaneous key generation sessions with the
same host. However, there is no (portable?) way to find over what local
interface a UDP packet arrived. I think the draft should be modified to
exclude the use of the local address (and possibly local port as well).
Of course, one could have the daemon bind to each and every address of the
host, but it doesn't sound like a good solution, especially when there's not
much gain from using the local address/port (the secret value is enough).
-Aggelos

---

• Prev by Date: Re: What can applications running over ipsec assume?
• Next by Date: Followup question
• Prev by thread: Re: What can applications running over ipsec assume?
• Next by thread: Followup question
• Index(es):
  • Main
  • Thread