From owner-freebsd-security  Tue Apr 21 16:52:57 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA23228
          for freebsd-security-outgoing; Tue, 21 Apr 1998 16:52:57 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from bagira.fsz.bme.hu (root@bagira.fsz.bme.hu [152.66.76.5])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA23153
          for <freebsd-security@freebsd.org>; Tue, 21 Apr 1998 23:52:18 GMT
          (envelope-from mohacsi@bagira.fsz.bme.hu)
Received: from localhost (mohacsi@localhost)
	by bagira.fsz.bme.hu (8.9.0.Beta5/8.9.0.Beta3+BME-IIT) with SMTP id AAA09738
	for <freebsd-security@freebsd.org>; Wed, 22 Apr 1998 00:57:54 +0200 (MET DST)
Date: Wed, 22 Apr 1998 00:57:53 +0200 (MET DST)
From: Janos Mohacsi <mohacsi@bagira.fsz.bme.hu>
To: freebsd-security@FreeBSD.ORG
Subject: IPv6 + IPSec
Message-ID: <Pine.SUN.3.96.980422005442.9694C-100000@bagira.fsz.bme.hu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk


Hi!
	The following message from me I did not see to get throught.
Sorry if it appears two times.

On Fri, 17 Apr 1998, Garrett Wollman wrote:

> Date: Fri, 17 Apr 1998 12:15:57 -0400 (EDT)
> From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
> To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
> Cc: Johan Allard <allard@NetMan.SE>,
>     Robert Watson <robert+freebsd@cyrus.watson.org>,
>     Dima Ruban <dima@best.net>, Matthew Hunt <mph@pobox.com>,
>     stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
> Subject: Re: kernel permissions 
> 
> <<On Fri, 17 Apr 1998 08:57:44 -0700, "Jordan K. Hubbard" <jkh@time.cdrom.com> said:
> 
> >> On the whish list I would like to add support for IPsec. It must be
> > The WIDE project folks have already implemented both IPsec and
> > IPv6 - we just need to incorporate their stuff without hopefully
> > pissing off any of the 1,473 different other IPv6 implementors out
> > there .: -)
> 
> If we could just get the WIDE people and the INRIA people (and the NRL
> people) to all coalesce around a single solution, we'd have a clear
> winner.

According to our test the most stable IPv6 implementation is the INRIA
IPv6 (The result of our test will due to published in TERENA Networking
Conference '98). Althought it does not contain either DES or other
cryptographic software all the hooks in the kernel are available to fill
out. (The necessary code is available from
http://www.ipv6.ticl.co.uk/devpv6.htm ).  Unfortunately IPsec is not
available for IPv4 in the INRIA implementation.

Compiling the WIDE implementation is quite hard because of misnamed
structure fields, etc. And the kernels dumps core sometimes...  The most
important argument against the WIDE IPv6 (for me) that the applications
are not so tightly integrated to the system as in the INRIA.

The solutions would be the import INRIA IPv6 code and integrate WIDE or
ticl IPSec (with addition photurisd from OpenBSD and ISA KMP/Oakley).

Sincerely,
		Janos Mohacsi






To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message