Re: Use of UDP ports for Photuris
Hilarie Orman writes:
> I'd like to see key management done as a protocol over IP. This is
> because it facilitates building high-assurance systems. For example,
> if the host policy requires all user-level network communication to be
> AH or ESP protected, then I can easily build a protocol graph that
> ensures this if key management is in the kernel. If it isn't, then
> there must be a filter that allows some key management messages to be
> delivered to the user level while blocking other traffic. This is a
> displeasing architecture.
No it isn't. You have to be able to handle multiple, per-port policies
anyway. I have seen no trouble with this at all. I don't understand
why it is that it should be more difficult to have a distinct policy
for the Photuris port than it is to have a distinct policy for any
other port, and you basically have to be able to do that.
Also, I explicitly don't want it to use an IP datagram. Among other
things, it's very antisocial -- the IP type space is finite and
dwindling, and there is no need. Also, it's much easier to have user
space processes deal with UDP.
> And, I'm not comfortable about having keys managed by a user-level
> process, anyway. I'd like to have the code that manages the keys
> be able to manage real memory.
I don't want the key management system hardwired in because I want
to be able to pop them in and out and I don't see the need for the
kernel bloat. It's also far easier to write user space code and change
it.
> UDP doesn't have anything to offer IP key management. Its port numbers
> and checksum are just a red herring.
No one cares about the checksum and port numbers -- that's a red
herring. We want it for the other reasons above.
Perry
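A minimal sketch of the per-port policy filter the two messages argue about, added here as an example that is not code from either author: it delivers only the key-management UDP port to user space in the clear and requires AH/ESP protection for every other user-level flow. The port number is an assumed placeholder; the message does not name one.

```python
from dataclasses import dataclass

PROTO_TCP, PROTO_UDP = 6, 17

# Constructed placeholder: the message names no port for the key-management
# daemon, so this value is an assumption, not taken from the page.
KEY_MGMT_UDP_PORT = 4500


@dataclass(frozen=True)
class Packet:
    proto: int              # transport protocol number (6 = TCP, 17 = UDP)
    dst_port: int
    ipsec_protected: bool   # True if the stack received it inside AH or ESP


@dataclass(frozen=True)
class Rule:
    proto: int
    dst_port: int
    require_ipsec: bool     # False = this port may be delivered in the clear


# One distinct policy per port, exactly as for any other port; further
# per-port rules slot into this list. Anything unmatched falls through to
# the host default, which demands AH/ESP for all user-level traffic.
POLICY = [
    Rule(PROTO_UDP, KEY_MGMT_UDP_PORT, require_ipsec=False),  # bootstrap exception
]
DEFAULT_REQUIRE_IPSEC = True


def allowed(pkt: Packet, policy=POLICY) -> bool:
    """Return True if host policy permits delivering pkt to a user process."""
    for rule in policy:
        if rule.proto == pkt.proto and rule.dst_port == pkt.dst_port:
            return pkt.ipsec_protected or not rule.require_ipsec
    return pkt.ipsec_protected or not DEFAULT_REQUIRE_IPSEC
```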