[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: manual keying and IPSEC conformance



Dan brought up some good points.. But the major one, I think was that
removing manual keying weakens IPSEC's independence from key management.

I'm not sure I agree with this..  As long as the interface exists for placing security
associations in the kernel, IPSEC is independent, correct?    This doesn't imply that
I have to provide all the tools and instructions for manually placing keys in my 
kernel.   

I really don't like the idea of being required to support placing keys manually in
the kernel and I'm not sure this actually belongs in a protocol specification in the first 
place...    I'd support removing the manual keying stipulation from the documents.

-Rob