Re: Discussion of an app-layer API for IPsec

At 6:01 PM -0400 5/6/01, Keith Moore wrote:
>I basically think that IPsec is nearly useless without an application-layer

Creating secure WANs is a pretty large market...

>  but the API needs to not only make applications aware of whether
>a security association has been established (along with the credentials
>so that the application can evaluate them for itself)


>  but also allow
>the application to control the credentials that are used when establishing

That's assuming that the API allows SA creation. I think that is a 
separate API from "am I already covered", and one tha will be much 
harder to design.

--Paul Hoffman, Director
--Internet Mail Consortium

Received on Monday, 7 May 2001 17:45:18 UTC