With the introduction of the security architecture for IP (IPsec, described in RFC 2401 [Kent and Atkinson 1998a]), a standard mechanism was needed to manage secret encryption and authorization keys. RFC 2367 [McDonald, Metz, and Phan 1998] introduces a generic key management API that can be used for IPsec and other network security services. Similar to routing sockets (Chapter 18), this API creates a new protocol family, the PF_KEY domain. As with routing sockets, the only type of socket supported in the key domain is a raw socket.
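An added example (not from the original text): a small C probe that asks the kernel which socket types it accepts in the key domain, showing that only a raw socket can succeed. PF_KEY_V2 is the protocol value from RFC 2367; the helper names try_key_socket and explain are hypothetical, and the error-to-meaning mapping assumes a Linux or BSD-style host where key sockets are restricted to privileged processes.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef PF_KEY_V2
#define PF_KEY_V2 2   /* protocol version number from RFC 2367 */
#endif

/* Try socket(PF_KEY, type, PF_KEY_V2); return 0 on success, else errno. */
int try_key_socket(int type)
{
    int fd = socket(PF_KEY, type, PF_KEY_V2);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Translate a probe result into what it tells an administrator (assumed mapping). */
const char *explain(int err)
{
    switch (err) {
    case 0:               return "accepted";
    case EPERM:
    case EACCES:          return "denied: key sockets need privilege";
    case EAFNOSUPPORT:    return "kernel has no key domain";
    case ESOCKTNOSUPPORT:
    case EPROTOTYPE:
    case EPROTONOSUPPORT: return "socket type not supported in key domain";
    default:              return strerror(err);
    }
}

int main(void)
{
    static const struct { int type; const char *name; } probes[] = {
        { SOCK_RAW, "SOCK_RAW" }, { SOCK_DGRAM, "SOCK_DGRAM" },
        { SOCK_STREAM, "SOCK_STREAM" },
    };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int err = try_key_socket(probes[i].type);
        printf("socket(PF_KEY, %s, PF_KEY_V2): %s\n",
               probes[i].name, explain(err));
    }
    return 0;
}
```

Run unprivileged, the SOCK_RAW probe normally reports a denial rather than success; the other two types are refused regardless of privilege.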
As described in Section 4.2, on most systems, AF_KEY would be defined to the same value as PF_KEY. However, RFC 2367 is quite specific that PF_KEY is the constant that ...