
Re: Which comes first?



Marc Hanson wrote:

>>Well, it's not what any PF_KEYv2 person is implementing or has implemented..

Actually it is what some of us "PF_KEYv2 people" have implemented.  The key
daemon will supply exactly what is asked for.  The kernel asks for 192 bits
of encryption key and 0 bits of authentication key and gets just that.  Of
course if the kernel wanted to ask for 64 bits for ESP and 128 for the HMAC
and KNEW a priori that the key daemon understood the ESP transform in use
it could do so.

Since the key daemon shouldn't have to know anything about the transform in
use the kernel can decide how to cut up the keying material and ask for all
the bits at once.  PF_KEY doesn't preclude this.

michael