Girish Moodalbail writes:
> Are we talking of providing a socket option to turn on/off the feature.
> Basically a flag. So that there is a way to override the weaker system
> policy?

If the system doesn't have the keys configured, then you can't meaningfully turn it "on." The only thing you can do is fail if it isn't available.

If the system does have keys, and is configured to use TCP-MD5, then allowing the application to turn it off seems silly to me.

I don't see a real point to an on/off switch.

> Are we talking of providing a socket option to push the password/keys to
> be used for computing MD5 digest?

Yes, I think that's what they're asking for, but that gets the client into the tricky business of handling sensitive key material (including all the configuration file problems this causes), and doesn't seem to be necessary.

-- 
James Carlson, Solaris Networking <[EMAIL PROTECTED]>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
