Hi Darren,
> One small question though. I assume that /etc/inet/ipsecalgs will be
> updated by this case so that CCM and GCM are available without the admin
> having to run ipsecalgs(1M). I also assume that the already existing
> svc:/network/ipsec/ipsecalgs:default will be the SMF service doing this
> update - since we should no longer attempt to do this in class action or
> postinstall scripts.
/etc/inet/ipsecalgs will be updated, this means that new installs will get this
file with GCM/CCM already in place. The class action script has been updated so
that BFU and upgrade using SVR4 packages will do the right thing. Existing IPS
installs will NOT get the new file when they do an image-update, they will have
to run ipsecalgs(1m), but only if they want to use these new ciphers. IPsec
will work just fine with the old ipsecalgs file for the existing ciphers.
We plan on addressing ipsecalgs/IPS as a separate project, straight after this
is done.
Hope this clarifies.
Mark
----------------------------------------------------------------------------
Mark Fenwick, Solaris Security Technologies.
TEL: +1 (650) 786 2733 (X82733) __o
Sun Microsystems Inc, Menlo Park, California. `\<,_
(*)/ (*)
----------------------------------------------------------------------------
