From owner-freebsd-hackers  Wed Dec  2 17:49:12 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA07522
          for freebsd-hackers-outgoing; Wed, 2 Dec 1998 17:49:12 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from set.scient.com (set.Scient.COM [208.29.209.254])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id RAA07517
          for <hackers@FreeBSD.ORG>; Wed, 2 Dec 1998 17:49:10 -0800 (PST)
          (envelope-from enkhyl@scient.com)
Received: by set.scient.com; (5.65v4.0/1.3/10May95) id AA13703; Wed, 2 Dec 1998 17:48:21 -0800
Received: from somewhere by smtpxd
Date: Wed, 2 Dec 1998 17:48:09 -0800 (PST)
From: Christopher Nielsen <enkhyl@scient.com>
X-Sender: enkhyl@ender.sf.scient.com
Reply-To: cnielsen@pobox.com
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: Ollivier Robert <roberto@keltia.freenix.fr>, hackers@FreeBSD.ORG
Subject: Re: Can we just come to a decision on IPv6 and IPSec? 
In-Reply-To: <9801.912642136@zippy.cdrom.com>
Message-Id: <Pine.BSF.4.05.9812021645210.321-100000@ender.sf.scient.com>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 2 Dec 1998, Jordan K. Hubbard wrote:

> > They're supposed to be able to talk to each others. Key distribution (IKE)
> > is still a hot topic for every IPsec implementation anyway.
> 
> Yes, but Photuris seems to work "well enough" to serve OpenBSD's needs
> and all I'm looking for is an equivalent level of functionality.  I'll
> say it again, if either KAME or INRIA can give us _equivalent_
> functionality to what's being used today, I'd say the choice will be
> pretty clear since it's not the vaporware features we want to be
> basing our decision on.

I think OpenBSD just recently started to develop IKE in their IPsec
implementation (this is based on commit messages I saw go by).

The port that's sitting in the PR database uses Photuris, which only
supports pre-shared secrets. KAME is starting to use IKE for establishing
SAs (Security Associations). IKE is the future of IPsec.

KAME also supports IPsec in both IPv6 and IPv4.

Also, I'd say Mike Smith has a good point about three active, paid,
full-time developers for KAME, as well.

-- 
Christopher Nielsen
Scient: The eBusiness Systems Innovator
<http://www.scient.com>
cnielsen@scient.com




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message