From owner-freebsd-current  Wed Jul  5  3:47: 1 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id B5A0D37B91A; Wed,  5 Jul 2000 03:46:59 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA29745;
	Wed, 5 Jul 2000 03:46:59 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 5 Jul 2000 03:46:58 -0700 (PDT)
From: Kris Kennaway <kris@FreeBSD.org>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: current@FreeBSD.ORG
Subject: Re: KAME integration and plans 
In-Reply-To: <19381.962793651@critter.freebsd.dk>
Message-ID: <Pine.BSF.4.21.0007050342040.84259-100000@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 5 Jul 2000, Poul-Henning Kamp wrote:

> In message <Pine.BSF.4.21.0007050314090.84259-100000@freefall.freebsd.org>, Kri
> s Kennaway writes:
> 
> >I intend to MFC this stuff in 4 or 5 days assuming it doesn't present any
> >problems,
> 
> I'm sorry, but isn't that a tad fast, considering the scope of these
> changes ?

I forgot to mention that I discussed this with Jordan at Usenix and
(unless I'm mistaken) he okayed the general plan.

These changes should only impact ipv6 and ipsec, with the exception of the
DNS resolver code which I'm still unsure about merging (even though it's
been well tested by KAME users, there remains the possibility of breakage
for ipv4 resolution if there are undiscovered bugs)

The bottom line is that we *need* the updated IPSEC code if FreeBSD is to
be a viable IPSEC platform. At the moment it's really only usable for
interoperating with other FreeBSD machines because in the real world
people use an IKE daemon, which the older (currently in 4.0) code does not
support.

Delaying this another 3 months for 4.2 is, IMO, far too long to wait if
we're going to be competitive in the IPSEC arena.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message