
Re: pf_key comments




> > I am looking into implementing PF_KEY and I have some comments on this too:
> >
> > 1. I like the idea of sending the IV down from an application.  I think
> > that an application is a reasonable place to do the random number
> > generation because
>
> It's completely unreasonable to send the IV from the
> application. Since IVs have to be sent on every packet, that
> would mean you would need to do a PF_KEY operation on every
> packet. This is not going to be feasible.
>

There is no need to do an operation for every packet. The kernel
could ask for a block of random data and use it as it wishes.


-dpg
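
The amortization described in the reply above, as an added example that is not part of the original message or of any PF_KEY implementation: a userspace C model in which the per-packet path draws IVs from a pool that is refilled with one bulk request. The pool size, the IV length, all function names, and the use of `/dev/urandom` as a stand-in for the application supplying random data are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POOL_BYTES 4096   /* assumed size of one bulk request */
#define IV_BYTES   8      /* assumed IV length (64-bit block cipher) */

struct iv_pool {
    unsigned char buf[POOL_BYTES];
    size_t avail;            /* unused bytes left at the tail of buf */
    unsigned long refills;   /* bulk requests made so far */
};

/* Hypothetical stand-in for the one bulk request for random data:
 * here it reads the OS random device. Returns 0 on success. */
static int pool_refill(struct iv_pool *p)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(p->buf, 1, POOL_BYTES, f);
    fclose(f);
    if (n != POOL_BYTES) return -1;
    p->avail = POOL_BYTES;
    p->refills++;
    return 0;
}

/* Per-packet path: hand out IV_BYTES unused bytes, refilling only when
 * the pool is exhausted. Each pool byte is handed out at most once. */
int pool_next_iv(struct iv_pool *p, unsigned char iv[IV_BYTES])
{
    if (p->avail < IV_BYTES && pool_refill(p) != 0)
        return -1;           /* fail closed: never emit a stale IV */
    memcpy(iv, p->buf + (POOL_BYTES - p->avail), IV_BYTES);
    p->avail -= IV_BYTES;
    return 0;
}

/* Process `packets` packets; return how many bulk requests were needed. */
long refills_for(unsigned long packets)
{
    struct iv_pool p = { .avail = 0, .refills = 0 };
    unsigned char iv[IV_BYTES];
    for (unsigned long i = 0; i < packets; i++)
        if (pool_next_iv(&p, iv) != 0) return -1;
    return (long)p.refills;
}

int main(void)
{
    printf("1000 packets -> %ld bulk requests\n", refills_for(1000));
    return 0;
}
```

With these sizes one bulk request covers 512 packets, so the request rate is decoupled from the packet rate.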


