2008/525 ikeadm token login
Dan McDonald
danmcd at sun.com
Fri Aug 15 10:25:19 PDT 2008
On Fri, Aug 15, 2008 at 01:01:13PM -0400, Paul Wernau wrote:
>> Isn't this (changing the default way the pin is stored) an
>> incompatible change?
The storage of the PIN isn't an interface, per se.
You are worried, I suspect, about least-surprise if someone creates a new
keypair and subsequently has to "ikeadm setpin" every time in.iked restarts.
There will be no surprise to admins who had created a keypair prior to this
change.
>> That seems like a reasonable and good change for Minor or higher, but
>> why do this in a patch?
The (vastly) increased security benefit (no on-disk clear private keys) is
the prime mover for this RFE (and ARC case).
> Hmmm, I had queried the IPsec team about the very same question and we had
> decided collectively that this is probably an exceptional case (if the
> feature existed before, it would have been done that way.) I actually
> would like Bill Sommerfeld or Dan McDonald to weigh in with their opinion
> as I am kind of on the fence about this particular issue.
We feel that the increase in security (and for a feature traditionally used
only with hardware keystores) outweighs the detriment of any disruptive
changes.
Dan
More information about the opensolaris-arc
mailing list