Subject: Re: IPSEC and user vs machine authentication
To: Jason Thorpe <thorpej@shagadelic.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 08/15/2005 12:53:27
>>>>> "Jason" == Jason Thorpe <thorpej@shagadelic.org> writes:
    >> So, this was work that Bill Sommerfeld and I were trying to
    >> standardize as a piece of work that many call "PF_POLICY" (but we
    >> didn't want to actually make the API a socket-based one, leaving
    >> that for the implementor to worry about).

    Jason> Has that effort died?  I attended a few informal discussions
    Jason> about this topic when it was first being discussed, but was
    Jason> not able to stay involved and have not heard much about it
    Jason> since, until you mentioned it now.

  I'm still working on it, but I can't write a "standard" in isolation.
I wrote code for Openswan to prototype the first part [query] (and we even
demonstrated it at a BlackHat conference).

  I'm still interested in continuing on this.

-- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
]                    I'm a dad: http://www.sandelman.ca/lrmr/                 [
