From owner-freebsd-net@FreeBSD.ORG Fri Aug 13 17:30:03 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 39B6016A4CE for ; Fri, 13 Aug 2004 17:30:03 +0000 (GMT) Received: from venus.vincentjardin.net (lns-th2-13-82-64-65-30.adsl.proxad.net [82.64.65.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id 415C143D46 for ; Fri, 13 Aug 2004 17:30:02 +0000 (GMT) (envelope-from jardin@venus.vincentjardin.net) Received: from venus.vincentjardin.net (localhost [127.0.0.1]) i7DHdWoD020089; Fri, 13 Aug 2004 19:39:32 +0200 (CEST) (envelope-from jardin@venus.vincentjardin.net) Received: from localhost (localhost [[UNIX: localhost]]) by venus.vincentjardin.net (8.12.9/8.12.9/Submit) id i7DHdUjs020088; Fri, 13 Aug 2004 19:39:30 +0200 (CEST) From: Vincent Jardin To: Bruce M Simpson , Nathan K Date: Fri, 13 Aug 2004 19:39:23 +0200 User-Agent: KMail/1.5.2 References: <20040812040745.GA781@empiric.icir.org> In-Reply-To: <20040812040745.GA781@empiric.icir.org> MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Description: clearsigned data Content-Disposition: inline Message-Id: <200408131939.30875.vjardin@free.fr> cc: xorp-users@xorp.org cc: freebsd-net@FreeBSD.org Subject: Re: [Xorp-users] MD5 Support X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Aug 2004 17:30:03 -0000 =2D----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Future Directions for XORP > -------------------------- > > As PF_KEY is somewhat standardized (RFC 2367 Informational) and well > documented (UNIX Network Programming Vol1 2e Fenner et al) this is a > portable way of achieving this across the BSDs. Linux (FreeS/WAN et > cetera) may be another story. =46YI, Linux does support PF_KEY too. > > Future Directions for TCP-MD5 > ----------------------------- > > This would however require that applications such as Quagga and XORP speak > fluent PF_KEY in the BSD dialect. I think that the routing protocols will have to speak fluently PF_KEY becau= se=20 even for OSPFv2/MD5 or RIP/MD5 the keys could be provided by a "key daemon"= =2E=20 This concept is already described by the RFC 2367, section 1.2 and section= =20 5.3 (OSPF Securrity Example). Regards, Vincent =2D----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQFBHPzRj1uHAMmANdgRAprWAKDtG8oLQUa7SevIgqVNyjZpzsguoACfZMUy LsKFJkGeWhH+lhXNZw7ShA4=3D =3DLvtl =2D----END PGP SIGNATURE-----