From owner-freebsd-security  Wed Mar 10 17:56: 0 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adk.gr (COREDUMP.CIS.UPENN.EDU [158.130.6.141])
	by hub.freebsd.org (Postfix) with ESMTP id EE60D151CB
	for <freebsd-security@FreeBSD.ORG>; Wed, 10 Mar 1999 17:55:53 -0800 (PST)
	(envelope-from angelos@dsl.cis.upenn.edu)
Received: from dsl.cis.upenn.edu (localhost [127.0.0.1])
	by adk.gr (8.9.2/8.9.1) with ESMTP id UAA23785;
	Wed, 10 Mar 1999 20:55:16 -0500 (EST)
Message-Id: <199903110155.UAA23785@adk.gr>
X-Mailer: exmh version 2.0.2 2/24/98
To: ob1k <ob1k@mindspring.com>
Cc: Marco Molteni <molter@tin.it>, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture 
In-reply-to: Your message of "Wed, 10 Mar 1999 20:47:12 GMT."
             <Pine.BSF.4.05.9903102045370.294-100000@Cupcake.mindspring.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 10 Mar 1999 20:55:16 -0500
From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


In message <Pine.BSF.4.05.9903102045370.294-100000@Cupcake.mindspring.com>, ob1
k writes:
>
>> > An other point OpenBSD made some steps forward: they have IPSec (PF_KEY
>> > v2 !!).
>> 
>> 1. PF_KEY != IPsec.

Sorry for jumping in here, I'd just like to point out that OpenBSD does have an
IPsec stack as well (has had one for a bit over 2 years); PFKEYv2 was added
recently, replacing the PFENCAP interface used before.

If you use the KAME code, I would suggest using the OpenBSD isakmpd with it
(once it's been converted to PFKEYv2, should be before the end of the month).
Cheers,
-Angelos





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message