Pantek Library

Re: linux-ipsec: Re: your mail

From: Henry Spencer <henry(at)spsystems.net>
Date: Tue Dec 01 1998 - 23:31:42 EST


On Tue, 1 Dec 1998, John Gilmore wrote:
> Gee, Henry, you take a nice volunteer on the IPSEC project and try to

Unfortunately, if we're to get any good out of DNSSEC -- a subject that Hugh Daniel keeps bugging us about -- I think we're going to need this, *soon*. I don't see a sharp dividing line between active and passive attacks in the real world... so code which ignores active attacks is a toy. Oh, it'll be neat to say we have it, but nobody will want to use it for anything significant.

However, I agree that this at least straddles the boundary between DNSSEC and IPSEC, and hence possibly falls on the other side. (However, I would be happier about that if I was assured that the guys over on the other side were definitely planning to do an interface with all-the-way-from-the-top verification, not just one level of verification. It may be at a higher level than what they're planning. I'm not talking about writing routines which assemble and disassemble DNS query packets; I'm talking about the signature-verification and tree-following parts of the job.)

> My guess at what needs doing is: First, IKE needs to be able to

Mm, yes, that would be useful immediately, because it reduces the sensitivity of most of the data involved (by avoiding the requirement to distribute secrets to remote hosts).

(More tomorrow, I have to go now...)

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)
Received on Wed Dec 2 02:32:07 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:08 EDT

