List-Archive: https://mj2.freeswan.org/archives
Sender: users-owner@mj2.freeswan.org
-----BEGIN PGP SIGNED MESSAGE-----
Dear FreeS/WAN community,
After more than five years of active development, the FreeS/WAN project will be
coming to an end.
The initial goal of the project was ambitious -- to secure the Internet
using opportunisitically negotiated encryption, invisible and convenient
to the user. (for more, see http://www.freeswan.org/history.html).
A secondary goal was to challenge then-current US export regulations,
which prohibited the export of strong cryptography (such as triple DES
encryption) of US origin or authorship.
Since the project's inception, there has been limited success on the
political front. After the watershed Bernstein case (see
http://www.eff.org/Privacy/Crypto_export/Bernstein_case/ )
US export regulations were relaxed. Since then, many US companies have exported
strong cryptography, without seeming restriction other than having to notify
the Bureau of Export Administration for tracking purposes.
This comfortable situation has perhaps created a false sense of security.
The catch? Export regulations are not laws. The US government still
reserves the right to change its export regulations on short notice, and
there is no facility to challenge them directly in a court of law. This leaves
the US crypto community and US Linux distributions in a position which seems
safe, but is not legally protected -- where the US government might at any time
*retroactively* regulate previously released code, by prohibiting its future
export. This is why FreeS/WAN has always been developed outside the US (in
Canada and in Greece), and why it has never (to the best of our knowledge)
accepted US patches.
If FreeS/WAN has neither secured the Internet, nor secured the right of US
citizens to export software that could do so, it has still had positive
benefit.
With version 1.x, the FreeS/WAN team created a mature, well-tested IPsec VPN
(Virtual Private Network) product for Linux. The Linux community has relied
on it for some time, and it (or a patched variant) has shipped with several
Linux distributions.
With version 2.x, FreeS/WAN development efforts focussed on increasing the
usability of Opportunistic Encryption (OE), IPSec encryption without
prearrangement. Configuration was simplified, FreeS/WAN's cryptographic
offerings were streamlined, and the team promoted OE through talks and
outreach.
However, nine months after the release of FreeS/WAN 2.00, OE has not caught
on as we'd hoped. The Linux user community demands feature-rich VPNs for
corporate clients, and while folks genuinely enjoy FreeS/WAN and its
derivatives, the ways they use FreeS/WAN don't seem to be getting us any
closer to the project's goal: widespread deployment of OE. For its part, OE
requires more testing and community feedback before it is ready to be used
without second thought. The project's funders have therefore chosen to
withdraw their funding.
Anywhere you stop, a little of the road ahead is visible. FreeS/WAN 2.x
might have developed further, for example to include ipv6 support.
Before the project stops, the team plans to do at least one more release.
Release 2.06 will see FreeS/WAN making a late step toward its goal of being
a simple, secure OE product with the removal of Transport Mode. This in
keeping with one of Neils Fergusson's and Bruce Schneier's security
recommendations, in _A Cryptographic Evaluation of IPsec_
(http://www.counterpane.com/ipsec.pdf). 2.06 will also feature KLIPS
(FreeS/WAN's Kernel Layer IPsec machinery) changes to faciliate use with the
2.6 kernel series.
After Release 2.06, FreeS/WAN code will continue to be available for public use
and tinkering. Our website will stay up, and our mailing lists at
lists.freeswan.org will continue to provide a forum for users to support one
another. We expect that FreeS/WAN and its derivatives will be widely deployed
for some time to come.
It is our hope that the public will one day be ready for, and demand,
transparent, opportunistic encryption. Perhaps then some adventurous folks
pick up FreeS/WAN 2.x and continue its development, making the project's
original goal a reality.
Many thanks to the wonderful folks who've been part of the lists.freeswan.org
community over the last few years. Thanks to the developers who've created
patches and written HOWTOs. Thanks to the volunteers who've donated Web space
and time as system administrators. Thanks to the distributors who've puzzled
out the fine points of integrating our software with others'. Finally, thanks
to the users who've tested our software, shared interoperation success stories,
and given others a helping hand. We couldn't have done it without you.
Best Regards,
Claudia Schmeing
for the Linux FreeS/WAN Project
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBQEOI23DIYXPDEHodAQG1VAP/cy4kK4oRV73YzIokEhElnbg841v/fKN5
v6s//gi/1zfJWVrG2uX9X4ZMi0ebQGFN0J5zr/rhsy2fYcdlDJyaiQvFqyFzzrk9
XUAIYjI+tdB/Fu8StfdutPf29ZdT6igOHI54uH4kYOXtIpj1b/H21SsZEPR+dni3
eZSNoxgDQNo=
=iLJC
-----END PGP SIGNATURE-----
_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
--- end forwarded text
--
-----------------
R. A. Hettinga
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
