See below:
> -----Original Message----- > From: Eugenen [mailto:[EMAIL PROTECTED]] > > [EMAIL PROTECTED] (Theodore Tso) wrote in message > news:<[EMAIL PROTECTED]>... > > On Mon, Oct 22, 2001 at 12:42:03AM -0700, Eugenen wrote: > > > Does anybody know how can I create an IPSec SA > programmatically, I > > > suspect there must be an API in place to do that in Win2K. > > > > I'm fairly sure that API is secret, and isn't published by > Microsoft. > > The explanation I heard from the MS Program Manager who was > > responsible for IPSEC was that they didn't think they had > gotten the > > API completely right in W2K, and didn't want to have to support it > > into eternity.... so they weren't going to make it public. Ted is correct: We don't want to support an API that has not yet stabilized (for whatever reason). > Thanks for the response Ted. Looks like MS is doing its best > to push people out of the Windows at least in the Development realm. Uhhh, no-- how exactly did you arrive at this conclusion? We are certainly not trying to push developers away from the Windows platform. That would be really silly of us, wouldn't it? :-) In case you have further IPSEC questions, consult http://support.microsoft.com/support/kb/articles/Q265/1/12.ASP. Interesting excerpts relating to this discussion follow: <snip> The Windows 2000 and Windows XP IPSec APIs and policy schema have not been published yet. IPSec and IKE identity-protect mode (main mode and quick mode) do not lend themselves to program-based, connection-oriented APIs. [...] Microsoft intends to change the policy storage formats in future releases of Windows. Therefore, the Windows IPSec directory policy and local registry storage formats are considered a Microsoft private, unpublished data structure. [...] For a future release (not necessarily the next release), Microsoft is working on APIs that allow API clients to plumb filters and offers to the engine. Microsoft will make APIs available after a detailed third-party vendor design review. Policy-management solutions will be able to design their own policy formats and then plumb them to the IPSec system by using the APIs. You can still batch script IPSec policy creation. Ipsecpol.exe is a command-line tool in the Microsoft Windows 2000 Resource Kit that you can use to script policy construction (documentation is included with the tool). </snip> -Dave
