pf_key comments
I am looking into implementing PF_KEY and I have some comments on this too:
1. I like the idea of sending the IV down from an application. I think
that an application is a reasonable place to do the random number
generation because
-- I too don't have all my kernel sources
-- I don't think the kernel IPSEC component should be using other parts of
the kernel in weird ways as randomization sources
2. I wish there was a notification mechanism for events. As per 2026
we have agreed it's germane and legitimate to think about network
management when developing Internet components. I have a requirement to
generate events under certain conditions like perhaps when there is an
encryption failure. Therefore I suggest there be two new messages,
SADB_REGISTER_EVENT and SADB_MANAGEMENT_EVENT. SADB_REGISTER_EVENT works
like SADB_REGISTER. SADB_MANAGEMENT_EVENT returns a base message followed
by a proper SNMPv2 style trap message (this is chosen to be 2026
compliant!) I think it's appropriate to put this here because there isn't
any other place to get these events, and the existing messages don't do
this, and I believe we need network management.
3. I suggest we *not* claim SADB_DUMP be removed in the future. It's very
useful for network management.
Rodney Thayer <rodney@sabletech.com> +1 617 332 7292
Sable Technology Corp, 246 Walnut St., Newton MA 02160 USA
Fax: +1 617 332 7970 http://www.shore.net/~sable
"Developers of communications software"