On Thu, 2008-17-01 at 23:50 +1100, Herbert Xu wrote: > In fact it goes much further: > > Support for the dump message MAY be discontinued in future versions > of PF_KEY. Key management applications MUST NOT depend on this > message for basic operation.
No doubt PF_KEY being an RFC has caused a lot of damage. Once something is deployed, unfortunately, it grows a foot and sometimes a head[1]. Note: it's a big dilema in my mind as well and i agree in principle with both Dave and you (we really should not be helping pfkey grow another ear on the forehead); the only way i am convincing myself otherwise is to note that Racoon/ipsec-tools is out there, shipped as default ipsec user management tools by most if not all linux distros. If we really want to stop the beast lets cut out the umbilicall code - just take out pfkey altogether from Linux ;-> cheers, jamal [1] Whatever fix/approach Timo has will eventually show up in the BSDs and solaris for example -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
