[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Seucurity API

Subject was: Re: IPv6 Security Last Call Initial Questions (per user keying)

>  A document that discusses some of the API issues is already online
>with a filename similar to "draft-mcdonald-sec-api-*.txt".  I should
>mention that the Security API draft is a drafty draft mainly out to
>focus discussions.  Also, the IETF doesn't standardise APIs so that
>would become an Informational RFC if it went to RFC in the future.

This is true.  But we have found it very beneficial to have a working
and implemented API for the IPv6 WG to test.  It also brings out issues
as to how the protocol is used.  Also the API spec in the case of IPv6
also defined the socket structure which is used in BSD derived systems
in the IPv6 test systems I am aware of for IPv6 which is only two I
admit.  INRIA and Digital.  Also others that are still working on
implementations to join the test soon I hope.  If you want to test any
IPv6 implementations you have let me know off line and I will send you a
pointer.  We can at least test out IPv6-IPv4 tunneling which tests the
API, transport, and parts of the network layer.

I urge the IPSEC WG strongly to listen to Dan on the API issue as
my input, because it is also a test of implementing the standard, and we
all will need some kind of API to do keying.