[anonsec] Fwd: I-D ACTION:draft-komu-btns-api-01.txt

Miika Komu miika at iki.fi
Mon Mar 12 05:08:49 PDT 2007


On Fri, 9 Mar 2007, Julien Laganier wrote:

Hi all,

a lot of things have changed in the API draft. Most importantly, the draft 
is now more concrete instead of just outlining some ideas. It includes 
C-based programming interfaces for defining application ipsec policy 
attributes and channel bindings. The use of the interfaces is illustrated 
in the appendix with some code examples.

I removed the dependency to draft-ietf-hip-native-api because the 
dependency is actually the other way around. The draft is not based on 
high layer interfaces (SASL or GSS) because they are more session or 
transport layer oriented, whereas IPsec APIs should be working even at 
the datagram oriented level (sendmsg, sendto, etc). However, it should be 
ok to use e.g. GSS and the IPsec APIs at the same time in the same 
application.

The changes are based on comments from Nicolas Williams, Michael 
Richardson, Love Åstrand and Julien Laganier. Sasu Tarkoma gave a thorough 
review for the pre-version and promised to participate in editing the next 
versions of the draft, so I added him as a co-author. Thanks for the 
commenters' good feedback!

Some things are still work in progress:

   * The exact set of policy attributes to be defined in the draft.
   * Code examples with SASL or GSS. Server side code examples.
   * Storing of channel bindings to long-term memory (disk?)
   * The comparison functions should allow comparison of attribute1 <
     attribute2, not just equality.
   * Querying of local / peer identities
   * Forcing of IPsec based security vs. allow fallback to non-IPsec based
     communications?
   * Error values

All further comments are welcome!

http://www.ietf.org/internet-drafts/draft-komu-btns-api-01.txt

-- 
Miika Komu                                       http://www.iki.fi/miika/
