
Re: Comment regarding draft-mcdonald-pf-key-v2-00.txt



> Assuming the kernel is supposed to generate the IV, why not
> allow the PF_KEY interface to transfer an IV? It seems to me, if an
> external hardware were available, random data would be best
> obtained by a user level application rather than the kernel.

I don't agree.

 1) Assuming we're talking about UNIX-like systems (monolithic large
kernel), I'm not sure this statement is really true... especially given
the work by Don Davis and others sampling randomness from disk drives
and Ted Ts'o's /dev/random driver for Linux (which also exports a
kernel-internal API for kernel code which needs strong randomness).

 2) Even if it were true, I don't think PF_KEY is the right place to
put a "deliver random bitstream to kernel" interface.  For any number
of reasons, you really want a "pipe" of randomness, not a
request-response protocol.

					- Bill

