From: Taral <taral@taral.net>
Date: Tue, 19 Nov 2002 22:51:02 -0600
The current IPSec implementation has a distinction in the security
policy between transport and tunnel SAs. I think this is not the best
way to do this. This distinction duplicates work already done by the
ipip driver. We have a tunneling system already, we should use it.
The IPSEC RFCs require this state to be per SA. The key exchange
daemons also need to know this.
IPIP cannot do what is needed to happen here for tunnel based
SAs, it lacks the knowledge and shouldn't need to be concerned
with what happens there.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
This archive was generated by hypermail 2b29 : Sat Nov 23 2002 - 22:00:00 EST