[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-tech
Subject:    Re: ipsec kernel api
From:       Craig Metz <cmetz () inner ! net>
Date:       1999-03-21 0:26:24
[Download RAW message or body]

In message <19990320190946.A857@long-haul.net>, you write:
>about rfc2367, i read it only once so i can be wrong but i didnt
>see anything about ipcomp and about the possibility to 'group' the 
>security association. something like 'esp + ipcomp'.
>
>did i miss something ? if not, does your new work provide a solution ?

  PF_KEY was originally created to handle Security Associations; IP Compression
not being a security protocol, it doesn't really have security associations.
There is no technical reason why the parameters needed by IP Compression can't
be represented and communicated by PF_KEY, and we have in fact been discussing
this recently with people who want to do that.

  There's a PF_KEY mailing list (info is in the RFC); it's probably better to
discuss these things there rather than on tech@openbsd.org.

									-Craig

[prev in list] [next in list] [prev in thread] [next in thread]