K 10
svn:author
V 5
andre
K 8
svn:date
V 27
2013-03-19T13:14:06.536628Z
K 7
svn:log
V 787
After careful evaluation decide for the setsockopt() method to TCP-AO key
management.  A description can be found in the comments to tcp_ao.h.

The IPSEC key interface is only partially suited for use by TCP-AO.  The
concepts used by TCP-AO and IPSEC are very different.  Requiring the IPSEC
dependency for TCP-AO hinders deployment and considerably complicates the
implementation and creates unnecessary inter-dependencies.

The setsockopt() method to set TCP-AO keys is straight forward for the
user/application and in implementation.  It puts everything together at
the socket the configuration applies to.

Add netinet/tcp_ao.h to hold the TCP-AO specific structures.  Parts of it
may be move to netinet/tcp.h after the implementation has stabilized.

Sponsored by:	Juniper Networks

END