From owner-freebsd-security  Sun Jun 24 11:53:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from server.soekris.com (soekris.com [216.15.61.44])
	by hub.freebsd.org (Postfix) with ESMTP
	id BFC6537B401; Sun, 24 Jun 2001 11:53:14 -0700 (PDT)
	(envelope-from soren@soekris.com)
Received: from soekris.com (soren.soekris.com [192.168.1.4])
	by server.soekris.com (8.9.2/8.9.2) with ESMTP id LAA53569;
	Sun, 24 Jun 2001 11:53:26 -0700 (PDT)
	(envelope-from soren@soekris.com)
Message-ID: <3B363713.2849219@soekris.com>
Date: Sun, 24 Jun 2001 11:53:07 -0700
From: Soren Kristensen <soren@soekris.com>
Organization: Soekris Engineering
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "Karsten W. Rohrbach" <karsten@rohrbach.de>
Cc: Dag-Erling Smorgrav <des@ofug.org>, hackers@FreeBSD.ORG,
	freebsd-security@FreeBSD.ORG
Subject: Re: Status of encryption hardware support in FreeBSD
References: <3B33A891.EC712701@soekris.com> <xzpn16x7uao.fsf@flood.ping.uio.no> <20010624181007.C52432@mail.webmonster.de> <xzpd77t7st6.fsf@flood.ping.uio.no> <20010624183147.F52432@mail.webmonster.de> <xzpzoax6dfc.fsf@flood.ping.uio.no> <20010624201456.A57877@mail.webmonster.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,

Thanks for the responses so far. First, let me say that I'm a hardware
guy, and don't know all the details of FreeBSD's network stack.

There is two common kind of hardware encryption acceleration, and I
think they're being mixed a little here.

SSL is for secure web access, and the main need is for Public Key
generating. This don't really have anything to do with the IP stack.
Afaik, OpenSSL is more like a extension to the web server software.

IPSec is for secure communication, and the main need is for symmetric
data encryption, typically using 3-DES. This need to be closely
integrated in the IP stack.

The boards I'm doing now, is based on a Hi/fn 7951, with is designed for
VPM routers doing IPSec. It's supported in OpenBSD 2.9.

And btw, hardware beats software anytime. The fastest PC processor right
now is about the same speed as the slowest hardware....

The reason why I posted originally was the figure out who are working on
these things, as I remember seing a post some time ago about work being
done to import some of the IPSec work from OpenBSD.
The Kame project people might be the ones to talk to, but isn't there a
need for a FreeBSD specifec hardware driver anyway ?

I will be happy to donate hardware to the FreeBSD project.


Regards,


Soren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message