Date: Tue, 21 Apr 1998 10:53:42 +0200 (MET DST) From: Janos Mohacsi <mohacsi@bagira.fsz.bme.hu> To: freebsd-security@FreeBSD.ORG Cc: stable@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <Pine.SUN.3.96.980421102944.860I-100000@bagira.fsz.bme.hu> In-Reply-To: <199804171615.MAA11623@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 17 Apr 1998, Garrett Wollman wrote: > Date: Fri, 17 Apr 1998 12:15:57 -0400 (EDT) > From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> > To: "Jordan K. Hubbard" <jkh@time.cdrom.com> > Cc: Johan Allard <allard@NetMan.SE>, > Robert Watson <robert+freebsd@cyrus.watson.org>, > Dima Ruban <dima@best.net>, Matthew Hunt <mph@pobox.com>, > stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG > Subject: Re: kernel permissions > > <<On Fri, 17 Apr 1998 08:57:44 -0700, "Jordan K. Hubbard" <jkh@time.cdrom.com> said: > > >> On the whish list I would like to add support for IPsec. It must be > > The WIDE project folks have already implemented both IPsec and > > IPv6 - we just need to incorporate their stuff without hopefully > > pissing off any of the 1,473 different other IPv6 implementors out > > there .: -) > > If we could just get the WIDE people and the INRIA people (and the NRL > people) to all coalesce around a single solution, we'd have a clear > winner. According to our test the most stable IPv6 implementation is the INRIA IPv6 (The result of our test will due to published in TERENA Networking Conference '98). Althought it does not contain either DES or other cryptographic software all the hooks in the kernel are available to fill out. (The necessary code is available from http://www.ipv6.ticl.co.uk/devpv6.htm ). Unfortunately IPsec is not available for IPv4 in the INRIA implementation. Compiling the WIDE implementation is quite hard because of misnamed structure fields, etc. And the kernels dumps core sometimes... The most important argument against the WIDE IPv6 (for me) that the applications are not so tightly integrated to the system as in the INRIA. The solutions would be the import INRIA IPv6 code and integrate WIDE or ticl IPSec (with addition photurisd from OpenBSD and ISA KMP/Oakley). Sincerely, Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980421102944.860I-100000>