From owner-freebsd-net@FreeBSD.ORG Sat Apr 7 10:35:29 2007 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 517E816A402; Sat, 7 Apr 2007 10:35:29 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from postfix1-g20.free.fr (postfix1-g20.free.fr [212.27.60.42]) by mx1.freebsd.org (Postfix) with ESMTP id 0F6C013C45E; Sat, 7 Apr 2007 10:35:28 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35]) by postfix1-g20.free.fr (Postfix) with ESMTP id AE4BED3E678; Sat, 7 Apr 2007 12:16:09 +0200 (CEST) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp5-g19.free.fr (Postfix) with ESMTP id 32B47432AB; Sat, 7 Apr 2007 12:16:07 +0200 (CEST) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id 3B3509C387; Sat, 7 Apr 2007 10:16:01 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id 117C3405D; Sat, 7 Apr 2007 12:16:01 +0200 (CEST) Date: Sat, 7 Apr 2007 12:16:00 +0200 From: Jeremie Le Hen To: "Bruce M. Simpson" Message-ID: <20070407101600.GF11297@obiwan.tataz.chchile.org> References: <46171DB2.6070705@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <46171DB2.6070705@FreeBSD.org> User-Agent: Mutt/1.5.13 (2006-08-11) Cc: gnn@freebsd.org, net@freebsd.org Subject: Re: A radical restructuring of IPsec... X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Apr 2007 10:35:29 -0000 Hi, Bruce, On Sat, Apr 07, 2007 at 05:27:30AM +0100, Bruce M. Simpson wrote: > I'm all for this in principle. I believe that the case for FAST_IPSEC > over KAME IPSEC is fairly clear for those of us who have read the USENIX > paper. Qualitatively speaking I can say FAST_IPSEC has been more > pleasant to work with when introducing the TCP-MD5 support. Would you point out the paper you're talking about please ? George, Thank you for your work! I'm a little sorrowful to see KAME's work going to be forgotten, but well, this is Darwin's law :-). BTW, a couple of years ago, I've tried KAME's snapshot against my RELENG_4's tree. There was a number of features that weren't in the base system and I'm pretty sure this is still the case. I can't remember them all but one: NAT-PT (RFC2766) (IPv4<->IPv6 translation). Do you have any idea what those features will become in later days ? Thank you. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >