
Re: mode (tunnel/transport) in PF_Key



On Tue, 13 Apr 1999, Markku Savela wrote:
> Whether or not to use tunnel is defined by the policy definition. IKE
> cannot change it. No PF_KEY interface is needed.

The crucial fact to understand is that PF_KEY as currently defined is
meant to be a *key management* kernel interface, not a general IPSEC
kernel interface.  However, PF_KEY itself compromises somewhat on this,
by dealing with other aspects of SA creation than just keying -- aspects
which trespass into realms of (gasp!) policy -- so it is not surprising
that many people want to extend it further in that direction.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)


