Subject: Re: Reminder that we are supporting two parallel IPsec implementations
To: Bill Studenmund <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 09/12/2003 13:09:58

I dont see myself as `making an attack on kernfs'.

I'm reporting, as best I recall, a consensus that was reached about
kernfs and other subsystems: we shouldn't rely on kernfs, beacuse it
*is* an option. Thus kernfs may not be present (for good reasons) in
systems which, for example, want to use IPsec.

The plain fact is that using kernfs is neither necessary nor
appropriate.  The real issue here is whether or not Itojun is making
technical judgment calls which are appropriate for NetBSD.
I submit that here (again, as you note with regard to performance)
Itojun's judgemnt call was not appropriate.

Also; if we are going to pursue fast-ipsec, then its not appropriate
to make pre-emptive changes (like requiring kernfs access to SAs in
userland tools) without prior consultation and consensus.