[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Comment regarding draft-mcdonald-pf-key-v2-00.txt
> Assuming the kernel is supposed to generate the IV, why not
> allow the PF_KEY interface transfer an IV? It seems to me, if an
> external hardware were available, random data would be best
> obtained by a user level application rather than the kernel.
I don't agree.
1) Assuming we're talking about UNIX-like systems (monolithic large
kernel), I'm not sure this statement is really true.. especially given
the work by Don Davis and others sampling randomness from disk drives
and Ted Ts'o's /dev/random driver for linux (which also exports a
kernel-internal API for kernel code which needs strong randomness).
2) even if it were true, I don't think PF_KEY is the right place to
put a "deliver random bitstream to kernel" interface. For any number
of reasons, you really want a "pipe" of randomness, not a
request-response protocol.
- Bill
Follow-Ups: