On Tue, Jul 01, 2003 at 09:11:41PM +1000, herbert wrote: > > Hmm, it's not as simple as that since the security path is not required > to match exactly with the policy. For instance you may be able to > steal someone's IPCOMP tunnel with this. > > I'll need to think about it a bit more. Is there another use for optional templates apart from IPCOMP templates? If there isn't would it be acceptable to implement optional IPCOMP in a different way so that we can do exact matches on the policy? -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
