From owner-freebsd-security Thu May 28 10:55:16 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id KAA17583
        for freebsd-security-outgoing; Thu, 28 May 1998 10:55:16 -0700 (PDT)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from adk.gr (COREDUMP.CIS.UPENN.EDU [158.130.6.141])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA17557
        for ; Thu, 28 May 1998 10:55:08 -0700 (PDT)
        (envelope-from angelos@dsl.cis.upenn.edu)
Received: from dsl.cis.upenn.edu (localhost [127.0.0.1])
        by adk.gr (8.8.8/8.8.5) with ESMTP id NAA23696;
        Thu, 28 May 1998 13:54:16 -0400 (EDT)
Message-Id: <199805281754.NAA23696@adk.gr>
To: Open Systems Networking
Cc: Ian Cooper , Atipa , freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Tunneling
In-reply-to: Your message of "Thu, 28 May 1998 04:48:27 EDT."
Date: Thu, 28 May 1998 13:54:16 -0400
From: "Angelos D. Keromytis"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

In message , Open Systems Networking writes:
>
>> The WIDE implementation, IMHO is a pretty clean one, and since it

I surely hope you're not implying otherwise for certain other
implementations :-)

>> is inherently a FreeBSD implementation rather than a port, I'd
>> suggest that it be considered as a strong candidate for the "official"
>> implementation.

Um. Maybe I wasn't clear. We're not quite aiming at becoming a/the
"official" implementation. If people think the port's useful, they'll
use it; if it's extremely useful, maybe it will be integrated in the
kernel. Ditto for the WIDE code. If the latter happens, we'll interop
against it.

I've only briefly looked in the distant past at the WIDE code. It was
good code (I usually have trouble reading code written in Japan), but
rather incomplete in the features it supported (things may have
changed).
In any case, I'd urge you to try and interoperate with OpenBSD
post-2.3 IPsec, since we've done major interoperability testing with
many other (commercial) vendors.

An amusing detail: the OpenBSD IPsec was originally written for BSD/OS
(by John Ioannidis), then ported to NetBSD (by me), and then moved to
OpenBSD (by Niels Provos and me). So we'd like to claim that we've gone
through all the BSDs :-)

>Let the best Stack win :)

Sorry, not a contest :-)

>> We also have plans for an ISAKMP implementation. If others volunteer
>> to do some of the non-crypto ISAKMP stuff, then we can do the crypto
>> part and that would speed up the availability of isakmp.

Hm. There is one free implementation of ISAKMP/Oakley (now called
IKE), named pluto. Written originally by yours truly, it's now being
supported by the FreeSWAN project (I forget the URL, mailing list is
linux-ipsec@clinet.fi, usual majordomo to subscribe). Unfortunately,
that code is under GPL (yes, I know, but I was young and needed the
money...err...). It's also horrible (250KB speed-written in 3 weeks, to
meet a deadline), but it's more or less free (modulo GPL), outside the
US (written in Greece, supported by people in Canada), and there is
some support. AFAIK it's the only one with these properties (yes, even
the horrible code :-)

The FreeSWAN project is Linux-oriented, but pluto was written on
OpenBSD (and should be trivially portable), and there's quite a bit of
cooperation between them and the OpenBSD IPsec group.

I'll shut up now.
-Angelos

PS. Found the URL, it's http://www.xs4all.nl/~freeswan/