tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: remote kernel debugging over a network

On Jun 6, 2010, at 5:02 18AM, Jordan Gordeev wrote:

> Thor Lancelot Simon wrote:
>> IPKDB used a custom MD5-based packet hash for "security".  I actually
>> think it would probably be very easy to support a single IPsec ESP
>> security association instead.  The hair with IPsec is all with key
>> negotiation.  Don't bother, and don't do some things like replay
>> protection, and ESP is a very simple, compact little shim layer on IP.
> ESP requires a random-number generator with cryptographic quality. I'm not 
> sure we can provide that in the limited environment of the kernel debugger.

ESP needs that for key management but not otherwise.  If you provision static 
keys, that isn't necessary.  You do need unpredictable IVs, but there are other 
ways to do that.

                --Steve Bellovin,

Home | Main Index | Thread Index | Old Index