Back from vacation and travel ...
> one question - maybe i have lost some context.
> we are talking about socket API. is it really necessary
> for user applications to be able to transmit arbitrary AH/ESP/fragment
> header?
I don't see a need to allow this on the transmit side. But the discussion
started off with the need on the receive side to identify what headers was
covered by IPsec i.e. somehow be able to indentify what was before and
after an ESP header. I don't know if any application cares whether received
destination options appear before or after a fragmentation header.
Is there such a need?
Erik
> even for raw IP socket, i think it reasonable to forbid users
> from attaching arbitrary AH/ESP/fragment header (i.e. to say that
> they are "kernel" thingie).
>
> itojun
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
