David Schwartz wrote:
> 1) IPsec already has the negotiation features that you would need.
>
> 2) IPsec acts below the TCP/UDP layer. Using SSL would make it very hard to
> precisely replicate TCP/UDP semantics leading to lots of subtle bugs and
> compatibility problems.
>
> I think the misconception is that putting things in the kernel somehow makes
> them faster. Even typical IPsec implementations put the heavy-duty cipher
> work (like key exchange) in user space.

Much of this MUST be in user space -- key management, etc. Opening and reading a file while in kernel mode? Ack.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List
Automated List Manager