Dave, Thanks for the response.
> Uhhh, no-- how exactly did you arrive at this conclusion? > We are certainly not trying to push developers away from the Windows > platform. That would be really silly of us, wouldn't it? :-) To my mind, this is not sillier than having an IPSec API in place and not publishing it for whatever reason you have :) Objectively, this policy makes numerous IPSec Swr Development folks to turn to Linux based FreeS/WAN project (or alike). Personally, I don't like the idea of having to go there, but I will if I don't have an alternative. > http://support.microsoft.com/support/kb/articles/Q265/1/12.ASP. I've looked at this alredy, did not find anything partucularly helpfull to resolve my problem. Any way, thanks again for your input. Eugene. -- Eugene Nechamkin [EMAIL PROTECTED] - email ---- "David Lawler Christiansen (NT)" <[EMAIL PROTECTED]> wrote: > > See below: > > > -----Original Message----- > > From: Eugenen [mailto:[EMAIL PROTECTED]] > > > > [EMAIL PROTECTED] (Theodore Tso) wrote in message > > news:<[EMAIL PROTECTED]>... > > > On Mon, Oct 22, 2001 at 12:42:03AM -0700, Eugenen wrote: > > > > Does anybody know how can I create an IPSec SA > > programmatically, I > > > > suspect there must be an API in place to do that in Win2K. > > > > > > I'm fairly sure that API is secret, and isn't published by > > Microsoft. > > > The explanation I heard from the MS Program Manager who was > > > responsible for IPSEC was that they didn't think they had > > gotten the > > > API completely right in W2K, and didn't want to have to support > it > > > into eternity.... so they weren't going to make it public. > > > Ted is correct: We don't want to support an API that has not yet > stabilized (for whatever reason). > > > > Thanks for the response Ted. Looks like MS is doing its best > > to push people out of the Windows at least in the Development realm. > > > > Uhhh, no-- how exactly did you arrive at this conclusion? > We are certainly not trying to push developers away from the Windows > platform. That would be really silly of us, wouldn't it? :-) > > > In case you have further IPSEC questions, consult > http://support.microsoft.com/support/kb/articles/Q265/1/12.ASP. > Interesting excerpts relating to this discussion follow: > > <snip> > > The Windows 2000 and Windows XP IPSec APIs and policy schema have not > been published yet. IPSec and IKE identity-protect mode (main mode > and > quick mode) do not lend themselves to program-based, connection-oriented > APIs. > > [...] > > Microsoft intends to change the policy storage formats in future > releases of Windows. Therefore, the Windows IPSec directory policy > and > local registry storage formats are considered a Microsoft private, > unpublished data structure. > > [...] > > For a future release (not necessarily the next release), Microsoft > is > working on APIs that allow API clients to plumb filters and offers > to > the engine. Microsoft will make APIs available after a detailed > third-party vendor design review. Policy-management solutions will > be > able to design their own policy formats and then plumb them to the > IPSec > system by using the APIs. > > You can still batch script IPSec policy creation. Ipsecpol.exe is a > command-line tool in the Microsoft Windows 2000 Resource Kit that you > can use to script policy construction (documentation is included with > the tool). > > </snip> > > -Dave > __________________________________________________ FREE voicemail, email, and fax...all in one place. Sign Up Now! http://www.onebox.com
