Re: Use of UDP ports for Photuris
>
> I'd like to see key management done as a protocol over IP. This is
> because it facilitates building high-assurance systems. For example,
> if the host policy requires all user-level network communication to be
> AH or ESP protected, then I can easily build a protocol graph that
> ensures this if key management is in the kernel. If it isn't, then
> there must be a filter that allows some key management messages to be
> delivered to the user level while blocking other traffic. This is a
> displeasing architecture.
>
Well, it would also accommodate application layer authentication,
not transport layer, which is what we should all be shooting for
anyway.
Oops, wrong list. :-)
- paul