Re: Use IPSEC as SSH replacement

Dan McDonald <danmcd@Eng.Sun.Com> Wed, 02 December 1998 16:12 UTC

From: Dan McDonald <danmcd@Eng.Sun.Com>
Message-Id: <199812021631.IAA11588@kebe.eng.sun.com>
Subject: Re: Use IPSEC as SSH replacement
To: kent@bbn.com
Date: Wed, 02 Dec 1998 08:31:34 -0800
Cc: ipsec@tis.com
In-Reply-To: <v04011702b28b0c01dcbd@[128.89.0.110]> from "Stephen Kent" at Dec 2, 98 10:36:41 am
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

> In a native host implementation, an application can determine what IPsec
> services are applied to each data stream.  The only real issue is the API
> for doing this, and I thought PFKey was a step in that direction.

PF_KEY does not solve this problem.  It solves the "user-level IKE daemon
talking to the kernel SADB" problem.

I had some "IPsec socket API extensions" drafts out a while back.  Craig Metz
has a "net-security-api" draft out.  This is the sort of API that you're
talking about, Steve.

Dan

Use IPSEC as SSH replacement Markku Savela
Re: Use IPSEC as SSH replacement Michael C. Richardson
Re: Use IPSEC as SSH replacement Henry Spencer
Re: Use IPSEC as SSH replacement Perry E. Metzger
Re: Use IPSEC as SSH replacement Scott G. Kelly
Re: Use IPSEC as SSH replacement Perry E. Metzger
Re: Use IPSEC as SSH replacement Dan McDonald
Re: Use IPSEC as SSH replacement Henry Spencer
RE: Use IPSEC as SSH replacement Freedman, Jerome
Re: Use IPSEC as SSH replacement Steven M. Bellovin
Re: Use IPSEC as SSH replacement Markku Savela
Re: Use IPSEC as SSH replacement Jun-ichiro itojun Itoh
Re: Use IPSEC as SSH replacement Will Price
Re: Use IPSEC as SSH replacement Stephen Kent
Re: Use IPSEC as SSH replacement Stephen Kent
Re: Use IPSEC as SSH replacement Dan McDonald
Re: Use IPSEC as SSH replacement Steven M. Bellovin
Re: Use IPSEC as SSH replacement Tero Kivinen