
Re: Use of UDP ports for Photuris




Ran Atkinson writes:
> [Begin personal commentary]
>   Our implementation includes a new kind of key management socket
> that is analogous to the PF_ROUTE "routing socket" of BSD.  We
> call our new socket PF_KEY.  From the NRL implementation perspective
> (somewhat BSD oriented, but BSD is mainstream), it is highly desirable
> to be able to put the key management protocol into applications that
> sit on top of normal network Sockets and also a PF_Key socket.
> Keeping the key mgmt protocol outside the kernel reduces kernel bloat
> and more importantly makes it easier to add new key mgmt protocols
> or to replace old key mgmt protocols (e.g. if a new bad attack
> should be discovered in the future).
> 
> [End personal commentary]

This is similar to my own work and I strongly favor the approach of
keeping the key management system out of the kernel.

Perry

