Re: Use of UDP ports for Photuris
Ran Atkinson writes:
> [Begin personal commentary]
> Our implementation includes a new kind of key management socket
> that is analogous to the PF_ROUTE "routing socket" of BSD. We
> call our new socket PF_KEY. From the NRL implementation perspective
> (somewhat BSD oriented, but BSD is mainstream), it is highly desirable
> to be able to put the key management protocol into applications that
> sit on top of normal network Sockets and also a PF_Key socket.
> Keeping the key mgmt protocol outside the kernel reduces kernel bloat
> and more importantly makes it easier to add new key mgmt protocols
> or to replace old key mgmt protocols (e.g. if a new bad attack
> should be discovered in the future).
>
> [End personal commentary]
This is similar to my own work and I strongly favor the approach of
keeping the key management system out of the kernel.
Perry