[Cryptography] Why aren’t we using SSH for everything?

Nico Williams nico at cryptonector.com
Sun Jan 4 20:14:12 EST 2015


Oh, some functions have been added, like accept4(), so that O_CLOEXEC could
be set atomically.

All we really need are new "address families" and new socket options.
Also, as with the IP_SEC_OPT socket option, I'd say that asking for PROTECT
gets you that (or an error) and bypasses the horrible SPD.  At least to get
started.  This means stronger coupling between the transport layers and
IPsec too: even "connected" UDP sockets should get equivalent protection
for all their packets, with the same peer, and even SOCK_RAW should get
ancillary data suitable for application-level logical packet flow
protection.

Nico
--