Date: Wed, 5 Jul 2000 03:46:58 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: current@FreeBSD.ORG Subject: Re: KAME integration and plans Message-ID: <Pine.BSF.4.21.0007050342040.84259-100000@freefall.freebsd.org> In-Reply-To: <19381.962793651@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 5 Jul 2000, Poul-Henning Kamp wrote:
> In message <Pine.BSF.4.21.0007050314090.84259-100000@freefall.freebsd.org>, Kri
> s Kennaway writes:
>
> >I intend to MFC this stuff in 4 or 5 days assuming it doesn't present any
> >problems,
>
> I'm sorry, but isn't that a tad fast, considering the scope of these
> changes ?
I forgot to mention that I discussed this with Jordan at Usenix and
(unless I'm mistaken) he okayed the general plan.
These changes should only impact ipv6 and ipsec, with the exception of the
DNS resolver code which I'm still unsure about merging (even though it's
been well tested by KAME users, there remains the possibility of breakage
for ipv4 resolution if there are undiscovered bugs)
The bottom line is that we *need* the updated IPSEC code if FreeBSD is to
be a viable IPSEC platform. At the moment it's really only usable for
interoperating with other FreeBSD machines because in the real world
people use an IKE daemon, which the older (currently in 4.0) code does not
support.
Delaying this another 3 months for 4.2 is, IMO, far too long to wait if
we're going to be competitive in the IPSEC arena.
Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0007050342040.84259-100000>