On 11/26/05, Joachim Schipper <[EMAIL PROTECTED]> wrote: > I fully agree. But if you only want to accept traffic from trusted, > authenticated sources, it's about as close to that as you can get.
what i'd like a key daemon to do: - create or import a symmetric key database (hardware entropy++) - for encrypted key databases prompt for authentication - enter SA's according to key schedule associated with db - invalidate used keys and securely delete them from db you can assume that key distribution details are covered. what i don't what it ever doing: opening a public network socket and listening to unauthenticated traffic (ISAKMP). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
