Subject: Re: IPSEC and user vs machine authentication
To: Michael Richardson <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 08/15/2005 13:40:13
In message <email@example.com>, Michael Richards
>-----BEGIN PGP SIGNED MESSAGE-----
>>>>>> "Jason" == Jason Thorpe <firstname.lastname@example.org> writes:
> >> So, this was work that Bill Sommerfeld and I were trying to
> >> standardize as a piece of work that many call "PF_POLICY" (but we
> >> didn't want to actually make the API a socket-based one, leaving
> >> that for the implementor to worry about).
> Jason> Has that effort died? I attended a few informal discussions
> Jason> about this topic when it was first being discussed, but was
> Jason> not able to stay involved and have not heard much about it
> Jason> since, until you mentioned it now.
> I'm still working on it, but I can't write a "standard" in isolation.
>I wrote code for Openswan to prototype the first part [query] (and we even
>demonstrated it at a BlackHat conference).
> I'm still interesting in continuing on this.
As am I. I tried hard to get the IPsec WG interested in the question,
way back when, but with little success.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb