
Re: Use IPSEC as SSH replacement



> In a native host implementation, an application can determine what IPsec
> services are applied to each data stream.  The only real issue is the API
> for doing this, and I thought PFKey was a step in that direction.

PF_KEY does not solve this problem.  It solves the "user-level IKE daemon
talking to the kernel SADB" problem.

I had some "IPsec socket API extensions" drafts out a while back.  Craig Metz
has a "net-security-api" draft out.  This is the sort of API that you're
talking about, Steve.

Dan

