1) I see no mention of PKI algorithms. How would they be implemented?
2) I would have to agree with ken and alonz in that the netlink-based system
seems more like a hack than a proper design.
3) I would also agree with alonz that crypto operations don't seem to fit
well into any of the current Unix abstractions.
4) I am new to ioctl-based programming, so can anyone please tell me what is
awful about it?
Disclaimer: I am a kernel-driver who is currently hacking (learning) on an
ioctl-based, /dev/blah driver for a hardware (PCI) crypto device.