James Carlson wrote:
> The socket option would also be radically different from what BSD has
> already done, and I'm not actually so sure it'd be easier to get
> _right_, as a well-trodden path is usually easier.
By "BSD," you meant the OpenBSD distro, right?
> A socket option that does as you're suggesting (and which is not what
> anyone else is suggesting -- that's not what IP_SEC_OPT does) would in
> fact work, as it's roughly equivalent in functionality to using PF_KEY
> directly. (Which, really, I don't think is that hard anyway.)
I was trying to point out that using IPsec policy engine and
PF_KEY is not the only workable way to get TCP MD5 into Solaris.
The arguments so far seem to suggest that the proposal is the only
workable way.
--
K. Poon.
[EMAIL PROTECTED]
_______________________________________________
networking-discuss mailing list
[email protected]
