Re: Discussion of an app-layer API for IPsec

Keith Moore wrote:

> I basically think that IPsec is nearly useless without an application-layer
> API, but the API needs to not only make applications aware of whether
> a security association has been established (along with the credentials
> so that the application can evaluate them for itself) but also allow
> the application to control the credentials that are used when establishing
> SAs.

And one possible use of this is API is for EXTERNAL SASL mechanism, implemented
on top of IPSec.


Received on Monday, 14 May 2001 04:34:38 UTC