[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: application layer cross checking

To: Michael Thomas <mat@cisco.com>
Subject: Re: application layer cross checking
From: Bill Sommerfeld <sommerfeld@East.Sun.COM>
Date: Thu, 03 May 2001 16:04:19 -0400
cc: ipsec@lists.tislabs.com
In-reply-to: Your message of "Thu, 03 May 2001 11:55:51 PDT." <15089.43447.409138.295986@thomasm-u1.cisco.com>
Reply-to: sommerfeld@East.Sun.COM
Sender: owner-ipsec@lists.tislabs.com

An API of this form is on my list of things to add to solaris.  

In a sockets-API world, this info wants to show up in socket options
on TCP connections and in recvmsg() ancillary data.

PF_KEY is not the right place for it; PF_KEY is a privileged api used
by the key management daemon (and already includes SA attributes for
identities).

Disclaimers:

 - I'm reluctant to make an API proposal until I have running code,
because APIs Are Hard.

 - I'm not in a position to make any predictions about if/when it's
going to appear in a product.

					- Bill

References:

application layer cross checking

From: Michael Thomas <mat@cisco.com>

Prev by Date: Re: application layer cross checking
Next by Date: RE: IPSec, dynamic IPv4 addresses and FreeBSD?
Prev by thread: Re: application layer cross checking
Next by thread: Re: application layer cross checking
Index(es):
- Main
- Thread