From owner-freebsd-security  Sat Feb 28 21:05:14 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA10688
          for freebsd-security-outgoing; Sat, 28 Feb 1998 21:05:14 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA10674
          for <freebsd-security@FreeBSD.ORG>; Sat, 28 Feb 1998 21:05:07 -0800 (PST)
          (envelope-from robert@cyrus.watson.org)
Received: from trojanhorse.pr.watson.org (trojanhorse.pr.watson.org [192.0.2.10]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id AAA14534; Sun, 1 Mar 1998 00:04:24 -0500 (EST)
Date: Sun, 1 Mar 1998 00:01:55 -0500 (EST)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@trojanhorse.pr.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Ollivier Robert <roberto@keltia.freenix.fr>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: crypto tunnel - international
In-Reply-To: <19980301025112.A25490@keltia.freenix.fr>
Message-ID: <Pine.BSF.3.96.980228235805.25827A-100000@trojanhorse.pr.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

On Sun, 1 Mar 1998, Ollivier Robert wrote:

> According to Jordan K. Hubbard:
> > I really don't see what OpenBSD can export which we cannot and it would
> > be really nifty if you could give us details on what is missing from
> > FreeBSD.
> 
> They have IPsec in /usr/src along with Photuris (key management).

IPsec sounds great, but I was under the impression that Photuris was
largely not happening, and that ISA-KMP was being used.  I'm a little
behind in the IPsec world, but the impression I last had was
"ISA-KMP/Oakley: feature-poor, here today, and well-presented; Photuris: 
does everything, not here today, and with a very split design base because
of disagreements in the working group" or something.

I was also under the impression that the FreeBSD reason for holding out in
having an IPsec implementation shipped with the system was that the
plethora of implementations out there had largely not matured, and we
would wait for a clear winner.

Again, I haven't followed IPsec closely at all -- DNSsec and distributed
file system security (Coda, etc) are really my areas of interest :).

  Robert N Watson 

Carnegie Mellon University http://www.cmu.edu/
SafePort Network Services  http://www.safeport.com/
robert@fledge.watson.org   http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message