[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: requirement



>>>>> "Markku" == Markku Savela <msa@xxxxxxxxxxxxxxxxx> writes:
    Markku> I think anything related to Policy Database should be kept out of
    Markku> PF_KEY as much as possible. Limit the PFEKY api to be a
    Markku> management API for the SADB only.

    Markku> Only the ACQUIRE message could have some additional information
    Markku> that identifies the triggering policy database entery. PFKEY

  I would argue that if you limit it to SADB only, that ACQUIRE does not
belong in pfkey.  Probably not REGISTER either.

-- 
] Michael Richardson          Xelerance Corporation, Ottawa, ON |  firewalls  [
] mcr @ xelerance.com           Now doing IPsec training, see   |net architect[
] http://www.sandelman.ca/mcr/    www.xelerance.com/training/   |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

Attachment: pgp00003.pgp
Description: PGP signature