From owner-freebsd-arch@FreeBSD.ORG Thu Mar 16 08:05:46 2006 Return-Path: X-Original-To: arch@freebsd.org Delivered-To: freebsd-arch@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0338116A424 for ; Thu, 16 Mar 2006 08:05:46 +0000 (UTC) (envelope-from massimo@cedoc.mo.it) Received: from insomma.datacode.it (ip-174-86.sn2.eutelia.it [83.211.174.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A00543D4C for ; Thu, 16 Mar 2006 08:05:43 +0000 (GMT) (envelope-from massimo@cedoc.mo.it) Received: from localhost (localhost.datacode.it [127.0.0.1]) by insomma.datacode.it (Postfix) with SMTP id 1F3532C90B for ; Thu, 16 Mar 2006 09:05:41 +0100 (CET) Received: from insomma.datacode.it (localhost.datacode.it [127.0.0.1]) by insomma.datacode.it (Postfix) with ESMTP id 560692C90A; Thu, 16 Mar 2006 09:05:40 +0100 (CET) Received: from massimo.datacode.it (massimo.datacode.it [192.168.1.13]) by insomma.datacode.it (Postfix) with ESMTP id 291A62C906; Thu, 16 Mar 2006 09:05:40 +0100 (CET) From: Massimo Lusetti To: Pawel Jakub Dawidek In-Reply-To: <20060315215915.GB16188@garage.freebsd.pl> References: <20060315004530.B5861@fledge.watson.org> <20060314.204252.74651890.imp@bsdimp.com> <20060315105031.E5861@fledge.watson.org> <20060315215915.GB16188@garage.freebsd.pl> Content-Type: text/plain Organization: CEDOC - Modena Date: Thu, 16 Mar 2006 09:05:40 +0100 Message-Id: <1142496340.4311.12.camel@massimo.datacode.it> Mime-Version: 1.0 X-Mailer: Evolution 2.0.4 (2.0.4-7) Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: arch@freebsd.org, Robert Watson Subject: KAME/Fast IPSEC (was Re: netatm: plan for removal unless an active maintainer is found) X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Mar 2006 08:05:46 -0000 On Wed, 2006-03-15 at 22:59 +0100, Pawel Jakub Dawidek wrote: > Let me add my two cents. There are actually two things to do with KAME > IPsec: MPSAFE and crypto(9) support and only one thing (IPv6) in case of > fast_ipsec(4), so I think it will be much easier to add IPv6 support to > fast_ipsec(4) and just drop KAME IPsec, so we can have one, full > functional IPsec stack. > > This is really confusing for the users. When I first heard of > fast_ipsec(4) I thought it only works with crypto HW and if I need to do > cryptography in software I need KAME IPsec. > > But that's just an opinion of a passive observer:) I also would like to see more clearness on this, Pawel is right saying it's a confusing situation. Ciao -- Massimo There are more way to do things, one is the bsd-way the others are wrong