W3C home > Mailing lists > Public > ietf-discuss@w3.org > May 2001

Re: Discussion of an app-layer API for IPsec

From: Paul Hoffman / IMC <phoffman@imc.org>
Date: Mon, 14 May 2001 09:21:04 -0700
Message-Id: <p05100314b725b618b1bc@[165.227.249.18]>
To: Alexey Melnikov <mel@messagingdirect.com>, Keith Moore <moore@cs.utk.edu>
Cc: discuss@apps.ietf.org
At 2:30 AM -0600 5/14/01, Alexey Melnikov wrote:
>Keith Moore wrote:
>
>>  I basically think that IPsec is nearly useless without an application-layer
>>  API, but the API needs to not only make applications aware of whether
>>  a security association has been established (along with the credentials
>>  so that the application can evaluate them for itself) but also allow
>>  the application to control the credentials that are used when establishing
>>  SAs.
>
>And one possible use of this is API is for EXTERNAL SASL mechanism, 
>implemented
>on top of IPSec.

This makes a lot of sense. Is anyone here in the Apps Area 
interesting in really persuing it? If not, I don't expect it to move 
forwards. There are only two or three people in the IPsec area who 
expressed any interest in doing the real work (Bill Sommerfeld and 
Steve Bellovin).

--Paul Hoffman, Director
--Internet Mail Consortium
Received on Monday, 14 May 2001 12:46:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 23 March 2006 20:11:28 GMT