Subject: Re: IPSEC and user vs machine authentication
To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-net
Date: 08/15/2005 13:40:13
In message <24956.1124124807@marajade.sandelman.ottawa.on.ca>, Michael Richardson writes:
>
>>>>>> "Jason" == Jason Thorpe <thorpej@shagadelic.org> writes:
>    >> So, this was work that Bill Sommerfeld and I were trying to
>    >> standardize as a piece of work that many call "PF_POLICY" (but we
>    >> didn't want to actually make the API a socket-based one, leaving
>    >> that for the implementor to worry about).
>
>    Jason> Has that effort died?  I attended a few informal discussions
>    Jason> about this topic when it was first being discussed, but was
>    Jason> not able to stay involved and have not heard much about it
>    Jason> since, until you mentioned it now.
>
>  I'm still working on it, but I can't write a "standard" in isolation.
>I wrote code for Openswan to prototype the first part [query] (and we even
>demonstrated it at a BlackHat conference).
>
>  I'm still interested in continuing on this.
>

As am I.  I tried hard to get the IPsec WG interested in the question, 
way back when, but with little success.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb