From owner-freebsd-security  Tue Apr 21 02:56:22 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA05268
          for freebsd-security-outgoing; Tue, 21 Apr 1998 02:56:22 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from bagira.fsz.bme.hu (bagira.fsz.bme.hu [152.66.76.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA05146;
          Tue, 21 Apr 1998 09:55:28 GMT
          (envelope-from mohacsi@bagira.fsz.bme.hu)
Received: from localhost (mohacsi@localhost)
	by bagira.fsz.bme.hu (8.9.0.Beta5/8.9.0.Beta3+BME-IIT) with SMTP id KAA04988;
	Tue, 21 Apr 1998 10:53:44 +0200 (MET DST)
Date: Tue, 21 Apr 1998 10:53:42 +0200 (MET DST)
From: Janos Mohacsi <mohacsi@bagira.fsz.bme.hu>
Reply-To: Janos Mohacsi <mohacsi@bagira.fsz.bme.hu>
To: freebsd-security@FreeBSD.ORG
cc: stable@FreeBSD.ORG
Subject: Re: kernel permissions 
In-Reply-To: <199804171615.MAA11623@khavrinen.lcs.mit.edu>
Message-ID: <Pine.SUN.3.96.980421102944.860I-100000@bagira.fsz.bme.hu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk




On Fri, 17 Apr 1998, Garrett Wollman wrote:

> Date: Fri, 17 Apr 1998 12:15:57 -0400 (EDT)
> From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
> To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
> Cc: Johan Allard <allard@NetMan.SE>,
>     Robert Watson <robert+freebsd@cyrus.watson.org>,
>     Dima Ruban <dima@best.net>, Matthew Hunt <mph@pobox.com>,
>     stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
> Subject: Re: kernel permissions 
> 
> <<On Fri, 17 Apr 1998 08:57:44 -0700, "Jordan K. Hubbard" <jkh@time.cdrom.com> said:
> 
> >> On the whish list I would like to add support for IPsec. It must be
> > The WIDE project folks have already implemented both IPsec and
> > IPv6 - we just need to incorporate their stuff without hopefully
> > pissing off any of the 1,473 different other IPv6 implementors out
> > there .: -)
> 
> If we could just get the WIDE people and the INRIA people (and the NRL
> people) to all coalesce around a single solution, we'd have a clear
> winner.

According to our test the most stable IPv6 implementation is the INRIA
IPv6 (The result of our test will due to published in TERENA Networking
Conference '98). Althought it does not contain either DES or other
cryptographic software all the hooks in the kernel are available to fill
out. (The necessary code is available from
http://www.ipv6.ticl.co.uk/devpv6.htm ).  Unfortunately IPsec is not
available for IPv4 in the INRIA implementation.

Compiling the WIDE implementation is quite hard because of misnamed
structure fields, etc. And the kernels dumps core sometimes...  The most
important argument against the WIDE IPv6 (for me) that the applications
are not so tightly integrated to the system as in the INRIA.

The solutions would be the import INRIA IPv6 code and integrate WIDE or
ticl IPSec (with addition photurisd from OpenBSD and ISA KMP/Oakley).

Sincerely,
		Janos Mohacsi



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message