Pierre Habouzit <madcoder@xxxxxxxxxx> wrote: > > So let me rephrase that to be sure we've understood each other. What you > suggest is to have an IKE-like daemon dealing with the keys and all the > handshakes, and that the kernel would only deal with the symmetric > ciphers used on the data path. Is that right ? Either a daemon or a library in user-space should handle the hard work of negotiating the keys. You can leave the easy work of encrypting/decrypting the data to the kernel :) Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
