
Re: Use of UDP ports for Photuris



I'd like to see key management done as a protocol over IP.  This is
because it facilitates building high-assurance systems.  For example,
if the host policy requires all user-level network communication to be
AH or ESP protected, then I can easily build a protocol graph that
ensures this if key management is in the kernel.  If it isn't, then
there must be a filter that allows some key management messages to be
delivered to the user level while blocking other traffic.  This is a
displeasing architecture.

And, I'm not comfortable about having keys managed by a user-level
process, anyway.  I'd like to have the code that manages the keys
be able to manage real memory.

UDP doesn't have anything to offer IP key management.  Its port numbers
and checksum are just red herrings.

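A toy model of the two host-policy demultiplexers the mail contrasts, added here as an illustration and not part of the original post or of Photuris: with in-kernel key management, the only rule needed is "user-level delivery requires AH or ESP"; with a user-level daemon, the same filter must carry a cleartext exception for key-management messages. The IP protocol numbers for AH, ESP and UDP are the IANA assignments; `KM_PORT`, the `Packet` type and the policy functions are constructed for this example.

```python
from dataclasses import dataclass

# IANA-assigned IP protocol numbers.
IPPROTO_UDP = 17
IPPROTO_ESP = 50
IPPROTO_AH = 51

# Constructed placeholder for the key-management daemon's UDP port;
# deliberately not the real Photuris assignment.
KM_PORT = 4000


@dataclass(frozen=True)
class Packet:
    proto: int            # protocol field of the outer IP header
    dst_port: int = 0     # UDP destination port, meaningful only if proto is UDP
    to_user: bool = True  # is the packet headed for a user-level socket?


def admit_kernel_km(pkt: Packet) -> str:
    """Policy with key management in the kernel: anything bound for user
    level must arrive AH- or ESP-protected; no other case is special."""
    if not pkt.to_user:
        return "deliver"          # kernel-internal traffic, including KM itself
    if pkt.proto in (IPPROTO_AH, IPPROTO_ESP):
        return "deliver"
    return "drop"


def admit_user_km(pkt: Packet) -> str:
    """Policy with a user-level key-management daemon: the same rule plus a
    cleartext hole for its UDP port, the filter the mail calls displeasing."""
    if pkt.to_user and pkt.proto == IPPROTO_UDP and pkt.dst_port == KM_PORT:
        return "deliver"          # unprotected and reachable from the network
    return admit_kernel_km(pkt)


def unprotected_user_paths(policy) -> list:
    """Enumerate (proto, port) classes of non-AH/ESP packets that a policy
    lets reach user level. Ports are sampled at KM_PORT and one neighbour."""
    holes = []
    for proto in range(256):
        if proto in (IPPROTO_AH, IPPROTO_ESP):
            continue
        for port in (KM_PORT, KM_PORT + 1):
            if policy(Packet(proto=proto, dst_port=port)) == "deliver":
                holes.append((proto, port))
    return holes
```

Running `unprotected_user_paths` over both policies shows the difference the mail is arguing about: the in-kernel variant admits no cleartext class to user level, the user-level variant admits exactly one.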
