we've been looking at various ipsec RFCs, mailing list discussions,
deployments, etc, and the protocol looks very neat, this "transport
mode" stuff looks really useful, but we see no way for an app to use it.

we would like to propose a small experiment which we would call "ipsec
address families". rather than using ipv4 or ipv6 address families and
letting the os quietly use ipsec but only if configured by the admin,
the application would open a socket explicitly for ipsec, either on ipv4
or ipv6, and then give it public key material (for connect) or private
key material (for listen) and then the application can enforce ipsec
instead.

we don't propose any further changes to any other apis, for now. these
changes would only impact calls to socket, bind, and connect. depending
on how this goes, we can then discuss the implications for other parts
of the network stack.

thoughts? would anyone be interested in this idea? we really wanna be
able to use ipsec in end-user applications...
--
plural system (tend to say 'we'), it/she/they, it instead of you
_______________________________________________
IPsec mailing list -- ipsec@ietf.org