
Use of UDP ports for Photuris




All,

  There have been some notes on the Implementer's List recently that
perhaps Photuris should not be using a well known UDP port.  The
long-standing consensus has been to use a well known UDP port for
Photuris messages.  Now the working group _can_ change its mind on this.

  Perhaps it would be useful if those in favour of the change would
outline in detail on the main IPsec WG list
    (1) what they would like to change to
    and (2) why the change is needed.

[Begin personal commentary]
  Our implementation includes a new kind of key management socket
that is analogous to the PF_ROUTE "routing socket" of BSD.  We
call our new socket PF_KEY.  From the NRL implementation perspective
(somewhat BSD oriented, but BSD is mainstream), it is highly desirable
to be able to put the key management protocol into applications that
sit on top of normal network sockets and also a PF_KEY socket.
Keeping the key mgmt protocol outside the kernel reduces kernel bloat
and more importantly makes it easier to add new key mgmt protocols
or to replace old key mgmt protocols (e.g. if a new bad attack
should be discovered in the future).

[End personal commentary]

Ran
rja@cs.nrl.navy.mil
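The user-space arrangement Ran describes (a key management daemon holding ordinary network sockets for the protocol and a PF_KEY socket toward the kernel) can be illustrated with the following added example. It is not code from the mail or from the NRL implementation: it assumes the PF_KEY v2 message framing later written down in RFC 2367 (the 1995 NRL socket predates that spec), defines the RFC 2367 structures locally so it builds without kernel headers, and constructs an SADB_GETSPI request asking the kernel to reserve an ESP SPI. The message and the SPI range are constructed sample data; the socket open needs privilege (CAP_NET_ADMIN on Linux) and is reported rather than required.

```c
/* Added example, not from the original mail or the NRL code.
 * Framing follows PF_KEYv2 as later specified in RFC 2367 (assumed). */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constants and layouts taken from RFC 2367, defined locally so the
 * example compiles without <linux/pfkeyv2.h> or <net/pfkeyv2.h>. */
#define PFKEY_V2            2
#define SADB_GETSPI         1
#define SADB_SATYPE_ESP     3
#define SADB_EXT_SPIRANGE   16

struct sadb_msg {              /* 16 bytes; every PF_KEY message starts with this */
    uint8_t  sadb_msg_version;
    uint8_t  sadb_msg_type;
    uint8_t  sadb_msg_errno;
    uint8_t  sadb_msg_satype;
    uint16_t sadb_msg_len;     /* total length in 64-bit units, header included */
    uint16_t sadb_msg_reserved;
    uint32_t sadb_msg_seq;
    uint32_t sadb_msg_pid;
};

struct sadb_spirange {         /* 16 bytes; SPI range the daemon will accept */
    uint16_t sadb_spirange_len;
    uint16_t sadb_spirange_exttype;
    uint32_t sadb_spirange_min;
    uint32_t sadb_spirange_max;
    uint32_t sadb_spirange_reserved;
};

/* Build an SADB_GETSPI request asking the kernel for an ESP SPI in
 * [spi_min, spi_max].  Returns the message length in bytes, or 0 when the
 * buffer is too small or the range is empty. */
size_t build_getspi(uint8_t *buf, size_t cap, uint32_t seq, uint32_t pid,
                    uint32_t spi_min, uint32_t spi_max)
{
    struct sadb_msg hdr;
    struct sadb_spirange rng;
    size_t total = sizeof hdr + sizeof rng;   /* 32 bytes = 4 64-bit units */

    if (cap < total || spi_min > spi_max)
        return 0;

    memset(&hdr, 0, sizeof hdr);
    hdr.sadb_msg_version = PFKEY_V2;
    hdr.sadb_msg_type    = SADB_GETSPI;
    hdr.sadb_msg_satype  = SADB_SATYPE_ESP;
    hdr.sadb_msg_len     = (uint16_t)(total / 8);
    hdr.sadb_msg_seq     = seq;
    hdr.sadb_msg_pid     = pid;

    memset(&rng, 0, sizeof rng);
    rng.sadb_spirange_len     = (uint16_t)(sizeof rng / 8);
    rng.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
    rng.sadb_spirange_min     = spi_min;
    rng.sadb_spirange_max     = spi_max;

    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, &rng, sizeof rng);
    return total;
}

/* Check a message the way the daemon should before trusting a kernel reply:
 * the header fits, the version is the one we speak, and the advertised
 * length matches the bytes actually read.  Returns 1 if well-formed. */
int check_pfkey_msg(const uint8_t *buf, size_t n)
{
    struct sadb_msg hdr;
    if (n < sizeof hdr) return 0;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.sadb_msg_version != PFKEY_V2) return 0;
    if ((size_t)hdr.sadb_msg_len * 8 != n) return 0;
    return 1;
}

int main(void)
{
    uint8_t msg[64];
    /* Constructed sample request: any SPI from 0x100 upward. */
    size_t n = build_getspi(msg, sizeof msg, 1, (uint32_t)getpid(), 0x100, 0xffffffffu);
    printf("SADB_GETSPI request: %zu bytes, well-formed=%d\n", n, check_pfkey_msg(msg, n));

#ifdef PF_KEY
    /* The key management socket itself; needs privilege, so report and exit. */
    int fd = socket(PF_KEY, SOCK_RAW, PFKEY_V2);
    if (fd < 0) { printf("PF_KEY socket unavailable: %s\n", strerror(errno)); return 0; }
    if (write(fd, msg, n) < 0) printf("write to PF_KEY socket: %s\n", strerror(errno));
    close(fd);
#else
    printf("PF_KEY not defined on this platform\n");
#endif
    return 0;
}
```

The length check in check_pfkey_msg is the part worth keeping in mind: PF_KEY messages carry their own length in 64-bit units, and a daemon that walks extensions after the header without first reconciling that field with the byte count it read is the kind of user-space parsing bug that the "replace the key management protocol without touching the kernel" argument is meant to keep out of kernel code.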