Stephen D. Williams writes:
Could we please share snapshots of any code that exists? Even if it's for a totally different OS, it's still extremely helpful if we're short on time.
That's certainly something people expect to do -- I'll begin letting people at my code in a couple of weeks. There is a mailing list for IPSEC developers right now -- people who have read the RFCs and decide to get serious might want to subscribe.
I'm interested in doing/helping with Linux. I also have access to an SGI Indy (less well ready to develop though) and HPUX.
Kernel sources are important here -- if you don't have kernel sources IPSEC may be a challenge to put into a kernel...
Does it make any sense to talk about loopback interface style wedges to convert OS native IP to IPSEC? What about a version of inetd that wraps apps?
Steve Bellovin has a summer student who did an interesting wedge on PCs running packet driver interfaces in which he interposed his stuff between the stack and the real packet driver. However, this can only be of use for host-host keying and not user-user which is the real goal.
.pm