IPSec API In Win2K

Post by Eugene Nechamki » Fri, 02 Nov 2001 05:51:05



Dave,

Thanks for the response.

Quote:> Uhhh, no-- how exactly did you arrive at this conclusion?  
> We are certainly not trying to push developers away from the Windows
> platform.  That would be really silly of us, wouldn't it?  :-)

To my mind, this is not sillier than having an IPSec API in place and
not publishing it for whatever reason you have :) Objectively, this policy
makes numerous IPSec Swr Development folks turn to the Linux-based FreeS/WAN
project (or the like). Personally, I don't like the idea of having to go
there, but I will if I don't have an alternative.

Quote:> http://support.microsoft.com/support/kb/articles/Q265/1/12.ASP.

I've looked at this already, did not find anything particularly helpful
to resolve my problem.

Anyway, thanks again for your input.

Eugene.
--
Eugene Nechamkin



> See below:

> > -----Original Message-----




> > > > Does anybody know how can I create an IPSec SA programmatically, I
> > > > suspect there must be an API in place to do that in Win2K.

> > > I'm fairly sure that API is secret, and isn't published by Microsoft.
> > > The explanation I heard from the MS Program Manager who was
> > > responsible for IPSEC was that they didn't think they had gotten the
> > > API completely right in W2K, and didn't want to have to support it
> > > into eternity.... so they weren't going to make it public.

> Ted is correct: We don't want to support an API that has not yet
> stabilized (for whatever reason).  

> > Thanks for the response Ted. Looks like MS is doing its best
> > to push people out of the Windows at least in the Development realm.

> Uhhh, no-- how exactly did you arrive at this conclusion?  
> We are certainly not trying to push developers away from the Windows
> platform.  That would be really silly of us, wouldn't it?  :-)

> In case you have further IPSEC questions, consult
> http://support.microsoft.com/support/kb/articles/Q265/1/12.ASP.
> Interesting excerpts relating to this discussion follow:

> <snip>

> The Windows 2000 and Windows XP IPSec APIs and policy schema have not
> been published yet. IPSec and IKE identity-protect mode (main mode and
> quick mode) do not lend themselves to program-based, connection-oriented
> APIs.

> [...]

> Microsoft intends to change the policy storage formats in future
> releases of Windows. Therefore, the Windows IPSec directory policy and
> local registry storage formats are considered a Microsoft private,
> unpublished data structure.

> [...]

> For a future release (not necessarily the next release), Microsoft is
> working on APIs that allow API clients to plumb filters and offers to
> the engine. Microsoft will make APIs available after a detailed
> third-party vendor design review. Policy-management solutions will be
> able to design their own policy formats and then plumb them to the IPSec
> system by using the APIs.

> You can still batch script IPSec policy creation. Ipsecpol.exe is a
> command-line tool in the Microsoft Windows 2000 Resource Kit that you
> can use to script policy construction (documentation is included with
> the tool).

> </snip>

> -Dave
