From owner-freebsd-current Wed Jul 5 11:57:57 2000 Delivered-To: freebsd-current@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 82FCF37BFDC; Wed, 5 Jul 2000 11:57:52 -0700 (PDT) (envelope-from itojun@itojun.org) Received: from kiwi.itojun.org (localhost.itojun.org [127.0.0.1]) by coconut.itojun.org (8.9.3+3.2W/3.7W) with ESMTP id DAA12257; Thu, 6 Jul 2000 03:57:51 +0900 (JST) To: Robert Watson Cc: Kris Kennaway , current@FreeBSD.org In-reply-to: rwatson's message of Wed, 05 Jul 2000 13:24:07 -0400. X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: KAME integration and plans From: itojun@iijlab.net Date: Thu, 06 Jul 2000 03:57:51 +0900 Message-ID: <12255.962823471@coconut.itojun.org> Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG >This is great news -- one of the big hangups in our interop testing at NAI >Labs was the like of IKE on FreeBSD. I notice that right now racoon is a >port -- assuming this interpretation is correct, are their any plans to >integrate racoon as a base system component? As you point out, without >IKE, FreeBSD's IPsec implementation is effectively useless for >cross-platform communication due to the number of frobs in SA >configuration. I also look forward to the rapid MFC'ing, assuming that >the code works :-). this is because we expect to have so many many changes/improvements in racoon - once we put racoon into base tree, we need to be much more careful about backward-compatibility in config file, for example. also, we need to improve kernel policy management for socket-based policy, and process-to-process policy inheritance. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message