Re: Use IPSEC as SSH replacement
> In a native host implementation, an application can determine what IPsec
> services are applied to each data stream. The only real issue is the API
> for doing this, and I thought PFKey was a step in that direction.
PF_KEY does not solve this problem. It solves the "user-level IKE daemon
talking to the kernel SADB" problem.
I had some "IPsec socket API extensions" drafts out a while back. Craig Metz
has a "net-security-api" draft out. This is the sort of API that you're
talking about, Steve.
Dan