From: "Marco Molteni"
Date: Fri, 12 Mar 1999 01:32:04 +0100 (CET)
To: "Angelos D. Keromytis"
Cc: freebsd-security@FreeBSD.ORG
Subject: IKE daemons (was: Re: disapointing security architecture)
In-Reply-To: <199903110155.UAA23785@adk.gr>

On Wed, 10 Mar 1999, Angelos D. Keromytis wrote:

> >> > Another point OpenBSD made some steps forward: they have IPSec
> >> > (PF_KEY v2 !!).
> >>
> >> 1. PF_KEY != IPsec.
>
> Sorry for jumping in here, I'd just like to point out that OpenBSD
> does have an IPsec stack as well (has had one for a bit over 2 years);
> PFKEYv2 was added recently, replacing the PFENCAP interface used before.

Angelos, maybe I wasn't clear. What I meant was simply that PF_KEY isn't
IPsec (it's just an API), not that, since OpenBSD has PF_KEY, it hasn't
IPsec. I know OpenBSD has the NRL code.

> If you use the KAME code, I would suggest using the OpenBSD isakmpd with
> it (once it's been converted to PFKEYv2, should be before the end of the
> month).

This could be a really interesting thing. I'm doing something near to
impossible, Multicast IPsec key distribution. As a platform I'm using
FreeBSD+KAME with some custom patches. What is isakmpd? Is it an IKE daemon?
I saw in the NRL IPsec web pages that they have two IKE/ISAKMP daemons,
one from Cisco, but both aren't available outside the USA. Basically I'm
looking for some sample code using PF_KEY to do key exchanges.

Marco
---
"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
"I'm sorry, this is device driver testing: brain implants are two doors
down on the right". (Bill Paul, on the freebsd-net mailing list)