Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Aug 2004 19:39:23 +0200
From:      Vincent Jardin <vjardin@free.fr>
To:        Bruce M Simpson <bms@spc.org>, Nathan K <doesnotcount@hotmail.com>
Cc:        freebsd-net@FreeBSD.org
Subject:   Re: [Xorp-users] MD5 Support
Message-ID:  <200408131939.30875.vjardin@free.fr>
In-Reply-To: <20040812040745.GA781@empiric.icir.org>
References:  <BAY19-F146mTBb5VYUd0002573c@hotmail.com> <20040812040745.GA781@empiric.icir.org>

next in thread | previous in thread | raw e-mail | index | archive | help
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Future Directions for XORP
> --------------------------
>
> As PF_KEY is somewhat standardized (RFC 2367 Informational) and well
> documented (UNIX Network Programming Vol1 2e Fenner et al) this is a
> portable way of achieving this across the BSDs. Linux (FreeS/WAN et
> cetera) may be another story.

=46YI, Linux does support PF_KEY too.

>
> Future Directions for TCP-MD5
> -----------------------------
>
> This would however require that applications such as Quagga and XORP speak
> fluent PF_KEY in the BSD dialect.

I think that the routing protocols will have to speak fluently PF_KEY becau=
se=20
even for OSPFv2/MD5 or RIP/MD5 the keys could be provided by a "key daemon"=
=2E=20
This concept is already described by the RFC 2367, section 1.2 and section=
=20
5.3 (OSPF Securrity Example).

Regards,
  Vincent
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQFBHPzRj1uHAMmANdgRAprWAKDtG8oLQUa7SevIgqVNyjZpzsguoACfZMUy
LsKFJkGeWhH+lhXNZw7ShA4=3D
=3DLvtl
=2D----END PGP SIGNATURE-----



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408131939.30875.vjardin>