
Re: compare-jfk-sigma.txt





>>>>> "Markku" == Markku Savela <msa@burp.tkv.asdf.org> writes:
    Markku> If Key negotiation protocol is open for new ideas, I would
    Markku> strongly prefer a key negotiation that only negotiates one
    Markku> directional SA as requested by the kernel side of the IPSEC (in
    Markku> my case, key management is provided with the information about
    Markku> the required SA via PFKEYv2 ACQUIRE message). It does not need to
    Markku> know about selectors, it does not need to know even if the SA is
    Markku> for tunnel or transport mode! Also, note that key management
    Markku> doesn't need to care about bundles either!
  
  That sounds great for outbound/initiator.

  How does one communicate selectors to the kernel of the responder?

  I frankly think that we need a lot more policy to be communicated (both
negotiation style and agreement style).

  If you feel that this belongs in another protocol, I won't argue with that.
But, I strongly think that it must exist.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [






