Re: Discussion of an app-layer API for IPsec

At 2:30 AM -0600 5/14/01, Alexey Melnikov wrote:
>Keith Moore wrote:
>>  I basically think that IPsec is nearly useless without an application-layer
>>  API, but the API needs to not only make applications aware of whether
>>  a security association has been established (along with the credentials
>>  so that the application can evaluate them for itself) but also allow
>>  the application to control the credentials that are used when establishing
>>  SAs.
>And one possible use of this is API is for EXTERNAL SASL mechanism, 
>on top of IPSec.

This makes a lot of sense. Is anyone here in the Apps Area 
interesting in really persuing it? If not, I don't expect it to move 
forwards. There are only two or three people in the IPsec area who 
expressed any interest in doing the real work (Bill Sommerfeld and 
Steve Bellovin).

--Paul Hoffman, Director
--Internet Mail Consortium

Received on Monday, 14 May 2001 12:46:42 UTC