Subject: Re: IPSEC and user vs machine authentication
To: Michael Richardson <>
From: Steven M. Bellovin <>
List: tech-security
Date: 08/15/2005 13:40:13
In message <>, Michael Richards
on writes:
>>>>>> "Jason" == Jason Thorpe <> writes:
>    >> So, this was work that Bill Sommerfeld and I were trying to
>    >> standardize as a piece of work that many call "PF_POLICY" (but we
>    >> didn't want to actually make the API a socket-based one, leaving
>    >> that for the implementor to worry about).
>    Jason> Has that effort died?  I attended a few informal discussions
>    Jason> about this topic when it was first being discussed, but was
>    Jason> not able to stay involved and have not heard much about it
>    Jason> since, until you mentioned it now.
>  I'm still working on it, but I can't write a "standard" in isolation.
>I wrote code for Openswan to prototype the first part [query] (and we even
>demonstrated it at a BlackHat conference).
>  I'm still interesting in continuing on this.

As am I.  I tried hard to get the IPsec WG interested in the question, 
way back when, but with little success.

		--Steven M. Bellovin,