On (03/11/08 18:45), Nicolas Williams wrote:
>
> On Tue, Mar 11, 2008 at 06:51:11PM -0400, [EMAIL PROTECTED] wrote:
> > Moreover, as we discussed in various hallway conversations,
> > it's a little odd to configure ipsec policy in one way (using
> > ipsecconf) and to configure md5 in another (via on/off switches).
>
> Except that a *lot* of IPsec configuration should be specifiable through
> IP_SEC_OPT-like interfaces. (Not necessarily things like, oh, say,
> trust anchors.)

Well, it's easy enough to do this via a setsockopt, but as Jim pointed out, it's meaningless to turn on md5 if there are no keys.

> No, not PF_KEY. If you want sanitized ways to deal with keys then use
> tokens (including soft tokens). PF_KEY is not an API that we can expect
> simple apps to use.

Actually, as others have pointed out, tcp-md5 itself is such a weak security model that it's only needed in some corner cases like bgp-daemons, and simple apps would be better off using full-blown ipsec. Besides, openbsd (which is one of the few implementations that actually gets the server side semantics right) uses PF_KEY sockets.

OTOH, the benefit to using ipseckey/ipsecconf is that we don't have any Interface changes to third party routing daemons- they "just work".

--Sowmini
_______________________________________________
networking-discuss mailing list
[email protected]
