Re: SKIP Source Release is out!

>Doug Hughes writes:
>> >Tom Markson writes:
>> >> Check out http://skip.incog.com.  We've released the source to the SKIP
>> >> key management and IP layer encryption package for SunOS 4.x.
>> >
>> >SKIP is a non-standard being pushed by Sun.
>> Correct me if I'm wrong, but isn't Sun trying to make it a standard
>> (in competition with Photuris) ?
>The IETF has many sorts of standards. It explicitly has a way to
>standardize things that the IETF doesn't think are a good idea but
>which should have the ability to interoperate if you do them.
>My opinion is that it is fairly clear that Photuris is the key
>management system people will be using, although it is going to have
>to evolve to work with a real network wide certificate database
>infrastructure. SKIP isn't going to be the standard.
>> Can I also assume that the IPv6 stuff requires pretty extensive kernel
>> mods? (Not bad, but a very definite consideration)
>IPSEC, SKIP, IPv6, etc., all require kernel mods. You can't help
>it. It's part of the IP stack, you know.
I knew it was a safe assumption. :)

>BTW, IPv6 uses IPSEC, but IPSEC isn't only for IPv6 -- it's also usable
>in IPv4. We were careful about how we architected that.
>The NRL code implements IPsec for both v4 and for the v6 stack it
>comes with. In fact, the NRL code is primarily an IPv6 implementation
>-- they just implemented IPSEC as a side effect.

'Tis a shame, because SKIP is available right now and will, if past history
is any indication, become the de facto standard on Sun platforms because it
is readily available, and the IPv6 stuff isn't, nor probably will be soon
because even those with the source code are not permitted to give out mods
to this source (in the case of SunOS - I believe). However, a loadable
kernel module would be very nice with the IPv6 stuff in it. Unfortunately,
I have very little experience with loadable kernel modules of this scope,
nor the source code to use as a reference, should the loadable modules be

Doug Hughes					Engineering Network Services
System/Net Admin  				Auburn University
			[email protected]
		Pro is to Con as progress is to congress