Date: Wed, 22 Apr 1998 12:09:51 +0200 (SAT) From: Ian Cooper <ian@cdsec.com> To: freebsd-security@FreeBSD.ORG Subject: Re: IPv6 + IPSec Message-ID: <199804221009.MAA22173@cdsec.com> In-Reply-To: <Pine.SUN.3.96.980422005442.9694C-100000@cdsec.com> from "Janos Mohacsi" at Apr 22, 98 00:57:53 am
next in thread | previous in thread | raw e-mail | index | archive | help
My personal experience for what it is worth... > > Compiling the WIDE implementation is quite hard because of misnamed > structure fields, etc. And the kernels dumps core sometimes... The most > important argument against the WIDE IPv6 (for me) that the applications > are not so tightly integrated to the system as in the INRIA. Pluses 1. The diffs apply perfectly to a stock kernel 2. The code compiles without even a warning 3. The kernel is rock solid stable Minuses 1. IPSEC tunneling is not implemented 2. No provision is made for rfc1853 as a result of this, although the code to implement deencapsulation is pretty simple and short to implement Otherwise, I think it is pretty cleanly written. Should there be any volunteers to work on it, we'd be interested in the ISAKMP/Oakley stuff, and would be keen to work on an implementation in conjunction with others. The WIDE code would need tunnelling support in order to make it truly useful. > > The solutions would be the import INRIA IPv6 code and integrate WIDE or > ticl IPSec (with addition photurisd from OpenBSD and ISA KMP/Oakley). > > Sincerely, > Janos Mohacsi > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > -- Ian Cooper (ian@cdsec.com) Tel: +27 21 23-6065 Citadel Data Security Fax: +27 21 24-3656 Citadel Firewall, Citadel VPN Router Unit 3, 46 Orange Street http://www.cdsec.com Cape Town, South Africa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804221009.MAA22173>