On Wed, Mar 12, 2008 at 07:49:46AM +0800, Kacheong Poon wrote: > [EMAIL PROTECTED] wrote: > > > Moreover, as we discussed in various hallway conversations, > > it's a little odd to configure ipsec policy in one way (using > > ipsecconf) and to configure md5 in another (via on/off switches). > > > I guess to some people, it is rather odd to configure something > totally not related to IPsec using ipsecconf... If it is > something like a system level security configuration command, > I guess it is better... But then this command will probably > need to handle every security features in the system to be > consistent, even at app level security, such as SSL. I guess > there are just too many odd things in the world ;-)
:) Point taken. Well, I'll be at the kmart BoF at IETF tomorrow, so we'll see what is going on with TCP-AO and how that affects the design for TCP-MD5, if at all. I'm not sure that I want a single CLI tool to configure every security sub-system of the OS. In fact, I know I don't. Nico -- _______________________________________________ networking-discuss mailing list [email protected]
