On Thu, Aug 14, 2003 at 07:12:59PM -0700, David S. Miller wrote:
> I totally disagree, choice is everything.
>
> That's why we allow NULL crypto algorithms. Not doing
> so turns this into a political thing, which I decidedly
> do not want our IPSEC implementation to be all about.
>
> And therefore I will add the patch.
>
Thank you, David. I completely agree with allowing users to choose
which algorithms they wish to deploy.
> When using pfkeyv2 sockets, yes you have to assign a number and then
> the APP has to be aware of it. This just shows how bogus it is to use
> fixed numbers instead of strings to select crypto algorithms.
>
Again, I agree. Especially given the limitations of using the
private ESP id space, since there is no new RFC delegating
additions yet.
Regards,
--
Kyle McMartin <kyle@xxxxxxxxxx>
1024D/191FCD8A - 331A 9468 C04D 3A76 5C56 BA68 7EB7 92DF 191F CD8A
2048R/F515317D - 68 A9 0D 28 1B DF 8D 42 0F CC AF 98 A8 D5 A4 04
|