Subject: Re: openbgpd 3.7
To: Thomas E. Spanjaard <firstname.lastname@example.org>
From: Thor Lancelot Simon <email@example.com>
Date: 01/22/2006 13:44:33
On Sun, Jan 22, 2006 at 01:59:49PM +0000, Thomas E. Spanjaard wrote:
> Note that IPsec ESP/AH authentication isn't operational yet,
> as someone(*cough* riz *cough* ;)) needs to upgrade our IPsec/SA stuff
> to what OpenBSD has.
What exactly is involved in this "upgrade"? The interface in question
is standard across the KAME stack and the "fast IPsec" (Keromytis/Leffler)
stack in most BSD operating systems (in fact, all of them except OpenBSD,
if they've changed it somehow). AFAICT it offers everything one needs to
require ESP or AH on a per-socket basis; is the implementation broken, or
are we talking about an interface change, and if so, why?