From owner-freebsd-hackers  Thu Dec  3 02:23:13 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id CAA25417
          for freebsd-hackers-outgoing; Thu, 3 Dec 1998 02:23:13 -0800 (PST)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from citadel.cdsec.com (citadel.cdsec.com [192.96.22.18])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA25408
          for <hackers@freebsd.org>; Thu, 3 Dec 1998 02:22:57 -0800 (PST)
          (envelope-from gram@cdsec.com)
Received: (from nobody@localhost) by citadel.cdsec.com (8.8.8/8.6.9) id MAA01091 for <hackers@freebsd.org>; Thu, 3 Dec 1998 12:22:38 +0200 (SAST)
Received: by citadel via recvmail id 1025; Thu Dec  3 12:21:55 1998
From: Graham Wheeler <gram@cdsec.com>
Message-Id: <199812031031.MAA29796@cdsec.com>
Subject: Re: Can we just come to a decision on IPv6 and IPSec?
To: hackers@FreeBSD.ORG
Date: Thu, 3 Dec 1998 12:31:37 +0200 (SAT)
X-Mailer: ELM [version 2.4 PL25-h4.1]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Just my $0.02:

We are currently using KAME in our firewall, which is running on 2.2.7 at
present. I know the concern is what about 3.x, but the KAME guys are aiming
at that. 

Our experience is that the KAME guys are putting in a serious amount of effort
(do they ever sleep, we sometimes wonder). The IPSec code is working well.
The IKE code does transport mode but not tunnel mode at present, and only 
uses shared secret keys at present. But work is progressing at a good rate.
Photuris may work, but never made it past the draft standard stage (even 
though it is arguably better than IKE). Photuris may be a short term solution,
but eventually IKE must be supported.

I'm not too familiar with the other IPSec implementations, but the level
of commitment and progress being made by the KAME group gets them our vote.


-- 
Dr Graham Wheeler                          E-mail: gram@cdsec.com
Citadel Data Security                      Phone:  +27(21)23-6065/6/7
Internet/Intranet Network Specialists      Mobile: +27(83)253-9864
Firewalls/Virtual Private Networks         Fax:    +27(21)24-3656
Data Security Products                     WWW:    http://www.cdsec.com/




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message