>>>>> "Markku" == Markku Savela <msa@xxxxxxxxxxxxxxxxx> writes:
Markku> I think anything related to Policy Database should be kept out of
Markku> PF_KEY as much as possible. Limit the PFEKY api to be a
Markku> management API for the SADB only.
Markku> Only the ACQUIRE message could have some additional information
Markku> that identifies the triggering policy database entery. PFKEY
I would argue that if you limit it to SADB only, that ACQUIRE does not
belong in pfkey. Probably not REGISTER either.
--
] Michael Richardson Xelerance Corporation, Ottawa, ON | firewalls [
] mcr @ xelerance.com Now doing IPsec training, see |net architect[
] http://www.sandelman.ca/mcr/ www.xelerance.com/training/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
Attachment:
pgp00003.pgp
Description: PGP signature