Date: Thu, 28 May 1998 10:30:35 +0200 (SAT) From: Ian Cooper <ian@cdsec.com> To: freebsd@atipa.com (Atipa) Cc: freebsd-security@FreeBSD.ORG, opsys@mail.webspan.net Subject: Re: FreeBSD Tunneling Message-ID: <199805280830.KAA24639@cdsec.com> In-Reply-To: <Pine.BSF.3.96.980527200116.28323A-100000@cdsec.com> from "Atipa" at May 27, 98 08:03:32 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > On Wed, 27 May 1998, Atipa wrote: > > > Well, I think those last bits to the FreeBSD code should be completed in > > South Africa, and distributed from there :) > > I second this! We're presently debugging and extending the WIDE IPSEC implementation to do tunnel mode, and this IS being done in South Africa :) The WIDE implementation, IMHO is a pretty clean one, and since it is inherently a FreeBSD implementation rather than a port, I'd suggest that it be considered as a strong candidate for the "official" implementation. We also have plans for an ISAKMP implementation. If others volunteer to do some of the non-crypto ISAKMP stuff, then we can do the crypto part and that would speed up the availability of isakmp. Ian > > > Jordan mentioned to me that Walnut Creek is in some sort of > > crypto-law-exempt region or something, and FreeBSD can use full-strength > > crypto. Jordan, care to explain? This would be a big loss to FreeBSD if > > this technology goes non-exportable! > > I was not aware of that hmm. > > > Well, if you help me figure it out, I'll write the docs. I'll wait for the > > FreeBSD port (no OpenBSD machines in use now, and I like FreeBSD better!), > > but I'd be happy to contribute. > > I was going to write a section in the handbook for SKIP once I got it > working but im quite convinced SKIP sucks, and while no one likes writing > doc's I have seen more documentation on "undocumented" kernel options > thatn SKIP. Im sure once its working it is probably nice, but I think the > implementation must be piss poor if so many people are finding it > impossible to get configured. > > > Agreed on both accounts. Keep in touch w/ me if you want testers, etc. > > I'd be happy to test it as well. > > Chris > > -- > "I don't do favors, I accumulate debts" > > ===================================| Open Systems Networking And Consulting. > FreeBSD 2.2.6 is available now! | Phone: 316-326-6800 > -----------------------------------| 1402 N. Washington, Wellington, KS-67152 > FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net > http://www.freebsd.org | Consulting-Network Engineering-Security > ===================================| http://open-systems.net > > -----BEGIN PGP PUBLIC KEY BLOCK----- > Version: 2.6.2 > > mQENAzPemUsAAAEH/06iF0BU8pMtdLJrxp/lLk3vg9QJCHajsd25gYtR8X1Px1Te > gWU0C4EwMh4seDIgK9bzFmjjlZOEgS9zEgia28xDgeluQjuuMyUFJ58MzRlC2ONC > foYIZsFyIqdjEOCBdfhH5bmgB5/+L5bjDK6lNdqD8OAhtC4Xnc1UxAKq3oUgVD/Z > d5UJXU2xm+f08WwGZIUcbGcaonRC/6Z/5o8YpLVBpcFeLtKW5WwGhEMxl9WDZ3Kb > NZH6bx15WiB2Q/gZQib3ZXhe1xEgRP+p6BnvF364I/To9kMduHpJKU97PH3dU7Mv > CXk2NG3rtOgLTEwLyvtBPqLnbx35E0JnZc0k5YkABRO0JU9wZW4gU3lzdGVtcyA8 > b3BzeXNAb3Blbi1zeXN0ZW1zLm5ldD4= > =BBjp > -----END PGP PUBLIC KEY BLOCK----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > -- Ian Cooper (ian@cdsec.com) Tel: +27 21 23-6065 Citadel Data Security Fax: +27 21 24-3656 Citadel Firewall, Citadel VPN Router Unit 3, 46 Orange Street http://www.cdsec.com Cape Town, South Africa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805280830.KAA24639>