Re: IPsecurity theater

[coderman <coderman () gmail com>]

On 11/26/05, Joachim Schipper <j.schipper () math uu nl> wrote:
> I fully agree. But if you only want to accept traffic from trusted,
> authenticated sources, it's about as close to that as you can get.

what i'd like a key daemon to do:
- create or import a symmetric key database (hardware entropy++)
- for encrypted key databases prompt for authentication
- enter SA's according to key schedule associated with db
- invalidate used keys and securely delete them from db
you can assume that key distribution details are covered.

what i don't what it ever doing:
opening a public network socket and listening to unauthenticated
traffic (ISAKMP).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/