Miika Komu
2007-02-12 08:11:54 UTC
Hi folks,
Julien requested a preversion of the BTNS API draft. Here it goes:
Abstract
IPsec based security is usually transparent for applications and they
may not be sure when network connections are protected. This
document specifies an API that increases the visibility of IPsec to
applications. The API allows applications to use the Stand-alone
BTNS mode, control the channel bindings and control also other network
security properties related to IPsec.
http://www.iki.fi/miika/docs/draft-komu-btns-api-01-pre1.txt
Short diff between 00 and 01-pre1: rewritten almost from scratch and now
also contains some real API definitions. The API is not based on GSS and
native API anymore.
I would like to thank Michael Richardson, Love Hoernquist Aestrand,
Nicolas Williams and Julien Laganier for good ideas and input for the draft.
For the mistakes, you can blame only me :) Todo list:
* Lack of details in error values, different attribute types etc. Please
provide your suggestions on these.
* Storing of channel bindings to reboot-resistant media (files).
* Show compatibility with GSS and SASL (e.g. code by examples)
* Server side code examples
I hope the basic API design makes sense for you. Please see the appendix
for some code examples that hopefully tie all of the functions together in
a meaningful way.
--
Miika Komu http://www.iki.fi/miika/