
Re: IPSEC goes to RFC

Stephen D. Williams writes:
> Could we please share snapshots of any code that exists?  Even if it's
> for a totally different OS, it's still extremely helpful if we're short
> on time.

That's certainly something people expect to do -- I'll begin letting
people at my code in a couple of weeks.

There is a mailing list for IPSEC developers right now -- people who
have read the RFCs and decide to get serious might want to subscribe.

> I'm interested in doing/helping with Linux.  I also have access to
> an SGI Indy (less well ready to develop though) and HPUX.

Kernel sources are important here -- if you don't have kernel sources
IPSEC may be a challenge to put into a kernel...

> Does it make any sense to talk about loopback interface style wedges to
> convert OS native IP to IPSEC?  What about a version of inetd that
> wraps apps?

Steve Bellovin has a summer student who did an interesting wedge on
PCs running packet driver interfaces in which he interposed his stuff
between the stack and the real packet driver. However, this can only
be of use for host-host keying and not user-user which is the real goal.