
Re: Use of UDP ports for Photuris




Hilarie Orman writes:
> I'd like to see key management done as a protocol over IP.  This is
> because it facilitates building high-assurance systems.  For example,
> if the host policy requires all user-level network communication to be
> AH or ESP protected, then I can easily build a protocol graph that
> ensures this if key management is in the kernel.  If it isn't, then
> there must be a filter that allows some key management messages to be
> delivered to the user level while blocking other traffic.  This is a
> displeasing architecture.

No it isn't. You have to be able to handle multiple, per-port policies
anyway. I have seen no trouble with this at all. I don't understand
why it is that it should be more difficult to have a distinct policy
for the Photuris port than it is to have a distinct policy for any
other port, and you basically have to be able to do that.

Also, I explicitly don't want it to use an IP datagram. Among other
things, it's very antisocial -- the IP type space is finite and
dwindling, and there is no need. Also, it's much easier to have user
space processes deal with UDP.

> And, I'm not comfortable about having keys managed by a user-level
> process, anyway.  I'd like to have the code that manages the keys
> be able to manage real memory.

I don't want the key management system hardwired in because I want
to be able to pop them in and out and I don't see the need for the
kernel bloat. It's also far easier to write user space code and change
it.

> UDP doesn't have anything to offer IP key management.  Its port numbers
> and checksum are just red herring.

No one cares about the checksum and port numbers -- that's a red
herring. We want it for the other reasons above.

Perry
