[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: manual keying and IPSEC conformance
Dan brought up some good points.. But the major one, I think was that
removing manual keying weakens IPSEC's independence from key management.
I'm not sure I agree with this.. As long as the interface exists for placing security
associations in the kernel, IPSEC is independent, correct? This doesn't imply that
I have to provide all the tools and instructions for manually placing keys in my
kernel.
I really don't like the idea of being required to support placing keys manually in
the kernel and I'm not sure this actually belongs in a protocol specification in the first
place... I'd support removing the manual keying stipulation from the documents.
-Rob