[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PF_KEY Key Management API
In article <2.2.32.19960731192328.00710434@po1.bbn.com> John Zao wrote:
>Where could I find a document that describes the "PF_KEY Key Management
>API"? The API is supported by the NRL IPSec implementation. In my course of
>designing a key management API for Mobile IP, I would like to learn from its
>design.
>
>Many thanks,
>
>John.
John,
The PF_KEY API already has hooks to support Mobile IP, so you might just be
able to reuse the freely distributable PF_KEY API and Key Engine code from the
NRL IPv6+IPsec implementation. If you need minor API changes, the PF_KEY gang
are happy to work with you to ensure that PF_KEY can meet the needs of Mobile
IP. Send me unicast email if you want to persue this. An I-D describing
PF_KEY version 2 exists and should be put online soon, but the INET'96
paper that Dan McD mentioned is a better introduction to PF_KEY anyway.
All,
This seems a good time to mention that the NRL July 1996 IPv6+IPsec
(includes IPv6, IPsec for IPv4, IPsec for IPv6, PF_KEY, and the Key Engine for
4.4-Lite BSD/NetBSD/BSDI and tested with those on SPARC and x86 hardware)
is available online now/soon.
US: http://web.mit.edu/network/isakmp (coming very soon;
was online there but they just suffered a disk crash)
US & Canada:
http://www.cisco.com/public/library/isakmp/ipsec.html
Europe (Export version for July 96, but full versions for Jan96 & Sep 95):
ftp://ftp.ripe.net/ipv6/nrl/
Ran
rja@cisco.com
References: