From owner-freebsd-net@FreeBSD.ORG Thu Aug 4 07:46:55 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5FDDE16A41F for ; Thu, 4 Aug 2005 07:46:55 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from caine.easynet.fr (smarthost163.mail.easynet.fr [212.180.1.163]) by mx1.FreeBSD.org (Postfix) with ESMTP id F398B43D4C for ; Thu, 4 Aug 2005 07:46:54 +0000 (GMT) (envelope-from vanhu@zeninc.net) Received: from easyconnect2121135-233.clients.easynet.fr ([212.11.35.233] helo=smtp.zeninc.net) by caine.easynet.fr with esmtp (Exim 4.50) id 1E0aRI-0003Dy-9r for freebsd-net@freebsd.org; Thu, 04 Aug 2005 09:46:52 +0200 Received: by smtp.zeninc.net (smtpd, from userid 1000) id E869B3F61; Thu, 4 Aug 2005 09:46:42 +0200 (CEST) Date: Thu, 4 Aug 2005 09:46:42 +0200 From: VANHULLEBUS Yvan To: freebsd-net@freebsd.org Message-ID: <20050804074642.GA3437@zen.inc> References: <42EFAEBE.8060905@seton.org> <20050802183007.GA13203@zeninc.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.28i Subject: Re: RE: NAT-T support for IPSec stack X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Aug 2005 07:46:55 -0000 On Tue, Aug 02, 2005 at 08:51:55PM +0000, Bjoern A. Zeeb wrote: [NAT-T, IPR, etc....] > > More infos about that may be get from Emmanuel Dreyfus, a NetBSD > > developper and a member of the ipsec-tools team, which made the NetBSD > > NAT-T support, and told me a few month ago that NetBSD lawyers were > > looking at that potential IPR issue. > > do you have more info about this? Ok, I have more informations about what have been done for NetBSD: There are known patents which may covert some parts of NAT-T, but those patents are very unclear, and it is very difficult to see if they really cover some parts of the NAT-T process, and it is still more unclear if they are valid. So, the solution choosen for NetBSD is the same as for ipsec-tools: it is enabled by an option, and it is specified in the documentation that "some parts of this code may be patent encumbered in some countries". I also asked a few months ago what have changed for OpenBSD (they told some years ago that they woudn't implement NAT-T until no all potential IPR problems were solved, then they implemented NAT-T), but had no real answer. Yvan.