RE: FreeSWAN Release 1.93 ships!
On Sunday 09 December 2001 07:32 pm, Lucky Green
The big question is: will FreeS/WAN latest release after some 4 or 5 years of development finally both compile and install cleanly on current versions of Red Hat Linux, FreeS/WAN's purported target platform?
The latest releases of both Suse and Mandrake are both able to install kernels with Freeswan already integrated. It's a little newer addition to Mandrake, so you may want to use Suse. Suse makes it easy to set up encrypted file systems and other nice features. The major problem that holds back the development of FreeS/WAN is with its management. [Management that cares more about sitting on its pulpit, than getting useful software into the hands of people.] Unless things have changed recently, they still won't accept contributions from the US. This makes no sense. GPG is shipping with every Linux distribution I know of, and the German's take contributions from the US. The primary kernel developers have been willing to integrate crypto into the kernel since the crypto regs were lowered. It's the policy of no US contributions that's holding back Linux IPSEC. IMHO: If Freeswan had never been created, an alternate, more mature implementation would already exist in the mainline Linux kernel. --Anonymous
Anonymous said:
The major problem that holds back the development of FreeS/WAN is with its management. [Management that cares more about sitting on its pulpit, than getting useful software into the hands of people.] Unless things have changed recently, they still won't accept contributions from the US. This makes no sense. GPG is shipping with every Linux distribution I know of, and the German's take contributions from the US.
(From the pulpit:) Once we kick John Asscroft's unconstitutional ash outta town, bush George Bust along with more than a thousand other innocents, and eliminate the spectre of Judd Gregg and other retrograde stalinists 're-regulating' US crypto, then we'll think about polluting the precious bodily fluids of worldwide freeware privacy protection with the stench of US crypto policy. It probably won't happen for a few months. Or hadn't you noticed that the US government is not in much of a mood to follow the constitution or to tolerate dissent or privacy among the sleepy sheeplike citizens? They're doing their best to stamp that radical stuff out right here in the USSA, let alone let it cross the border into parts of the world that they don't have firmly under their thumb. Less than 100% support for every paranoid and senseless twitch of the current Administration is a demonstration not not only of treason but of active support for terrorism, which everyone knows is a terrible thing except when the US or Israel or Great Britain does it. Anybody reading this mailing list is already gonna be first up against the wall once the joy of arresting immigrant movers as 'terrorists' fades, and spying on 'domestic political groups' become fair game. Your packets are already in the lint screen on that big, big vacuum cleaner. And our new policy of maximum sentences for trivial 'crimes', like forgetting to file some form, reduces the expense and bother of actually trying suspects for the crimes that the agencies suspect them of. Of course you can confront your accusers! Did you or did you not jaywalk across Route 1 last July, Mr. May?
The primary kernel developers have been willing to integrate crypto into the kernel since the crypto regs were lowered. It's the policy of no US contributions that's holding back Linux IPSEC.
The reason I started the IPSEC-for-Linux project those many years ago was because Linux kernel releases used to be built in free countries, unlike the releases of most other operating systems. Now they aren't. Oops. Perhaps mr. or ms. 'anonymous' and the primary kernel developers didn't spend seven years making a principled tilt at the windmill of NSA's export controls. We overturned them by a pretty thin margin. The government managed to maneuver such that no binding precedents were set: if they unilaterally change the regulations tomorrow to block the export of public domain crypto, they wouldn't be violating any court orders or any judicial decisions. I.e. they are not BOUND by the policy change. They changed it "voluntarily", in order to sneak out of the court cases by the back door. Even today it is sometimes said that once Dan Bernstein ends his court case (which still continues today), the NSA is ready, willing, and able to slap the controls right back on. And it would take months or years in court -- and lots more volunteer citizen money spent for freedom, while the bastards spend tax money to lock us up -- to get the controls removed again. If the judges haven't changed their minds in the meantime. (You may have noticed that last month, the Second Circuit Court of Appeals accpted Judge Kaplan's half-lies-half-truth judgment 3-0 in the 2600 case appeal: Yes, absolutely, software is First Amendment protected speech. But no, somehow the First Amendment really doesn't mean what it means elsewhere; of *course* they can regulate the publication of software on flimsy grounds. Like that sometime later, somebody somewhere might potentially be somewhat hurt by something somebody else does with the software, if we don't eliminate that option by restricting the publication of that software now. Suppose the next crypto export court case happens in NY rather than CA? EFF would be proud to defend John Young and Perry Metzger, but all its lawyers might be in prison, charged by John Asscroft with "aiding terrorists by eroding our national unity and diminishing our resolve".)
IMHO: If Freeswan had never been created, an alternate, more mature implementation would already exist in the mainline Linux kernel.
Make my day. John Gilmore PS: Of course, the only software worth wasting your time on comes from those macho dudes of the U.S. of A. Those furriners don't even know how to speek the lingua proper, let alone write solid buggy code like Microsoft. High crypto math is all Greek to them. It's just lucky for Linus that he moved to the US, otherwise we'd all know his furrin software was crap too, even tho he tricked us by cloning it from Bell Labs.
On Mon, 10 Dec 2001, John Gilmore wrote:
NSA's export controls. We overturned them by a pretty thin margin. The government managed to maneuver such that no binding precedents were set: if they unilaterally change the regulations tomorrow to block the export of public domain crypto, they wouldn't be violating any court orders or any judicial decisions. I.e. they are not BOUND by the policy change.
That's not accurate. There have been several court rulings finding source code and such protected by the 1st. This would provide a lever that was not there previously. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
At 12:18 AM -0600 12/11/01, Jim Choate wrote:
On Mon, 10 Dec 2001, John Gilmore wrote:
NSA's export controls. We overturned them by a pretty thin margin. The government managed to maneuver such that no binding precedents were set: if they unilaterally change the regulations tomorrow to block the export of public domain crypto, they wouldn't be violating any court orders or any judicial decisions. I.e. they are not BOUND by the policy change.
That's not accurate. There have been several court rulings finding source code and such protected by the 1st. This would provide a lever that was not there previously.
In the most recent ruling, Universal v. Remerdez/Eric Corley 2600.com (00-9185), http://cryptome.org/mpaa-v-2600-cad.htm , the US Court of Appeals for the Second Circuit declined to overturn an injunction against the posting of DeCSS on the Internet. The Court held that software was speech, but did not enjoy the level of First Amendment protection accorded to pure speech because it is functional with little human intervention. This is a very disturbing precedent which I hope will be reversed on appeal, but given the post-9/11 mood and the limited technological understanding of most judges, I wouldn't count on it. Also I believe the U.S. Supreme Court has upheld export controls in the past, the First Amendment notwithstanding. Having a body of open source crypto software that is not entangled by any U.S. input is not a foolish idea. Surely there are good programers outside the U.S. who understand the importance of making FreeSWAN work seamlessly with Linux. Arnold Reinhold --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
On Tuesday 11 December 2001 06:29 am, Arnold G. Reinhold wrote:
Having a body of open source crypto software that is not entangled by any U.S. input is not a foolish idea.
Not when the body of software is critical for Linux and the widespread use of IPSec. If you want widespread adoption of IPSec in Linux, it needs to be in Linus' kernel. In order for this to happen, it is necessary for Linus and other people physically located in the United States need to be able to to contribute. Once Freeswan is in Linus' kernel, it will receive greater contribution and testing from both *inside* AND *outside* the United States. IMO: The current Freeswan policy *encourages* law makers to change the laws. Many companies have an invested interest in Linux. Those companies are willing to spend lots of money on lawyers to protect Linux. If IPSec is not part of Linux and is not in widespread Linux use, those companies will not have the need to defend us. We'll have kept crypto out of the hands of the people all on our own -- without the government's help. Do you really think that great programs like GNU Privacy Guard are going to magically disappear if the US government changes their regulations? Can they magically be erased from the net, just because some US contributions were made? - Dima --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
You make a good argument for dropping the non_U.S. only restriction. The risk may be worth the benefits of kernel integration. That could result in wider corporate use of IPSec to fight real security threats and make it much more difficult, politically, to suppress. My point was just that one cannot rely on the U.S. courts striking down any future crypto regulations. They should and I hope they would, but it not a sure thing. The most recent ruling is not favorable. I also wouldn't underestimate the U.S. government's ability to stifle crypto development if they choose to do so and get a green light from the courts. Note today's Warez crackdown. Maybe there is some compromise possible where a core crypto library is kept free of U.S. contributions? Arnold Reinhold At 10:27 AM -0800 12/11/01, Dima Holodovich wrote:
On Tuesday 11 December 2001 06:29 am, Arnold G. Reinhold wrote:
Having a body of open source crypto software that is not entangled by any U.S. input is not a foolish idea.
Not when the body of software is critical for Linux and the widespread use of IPSec. If you want widespread adoption of IPSec in Linux, it needs to be in Linus' kernel. In order for this to happen, it is necessary for Linus and other people physically located in the United States need to be able to to contribute. Once Freeswan is in Linus' kernel, it will receive greater contribution and testing from both *inside* AND *outside* the United States.
IMO: The current Freeswan policy *encourages* law makers to change the laws. Many companies have an invested interest in Linux. Those companies are willing to spend lots of money on lawyers to protect Linux. If IPSec is not part of Linux and is not in widespread Linux use, those companies will not have the need to defend us. We'll have kept crypto out of the hands of the people all on our own -- without the government's help.
Do you really think that great programs like GNU Privacy Guard are going to magically disappear if the US government changes their regulations? Can they magically be erased from the net, just because some US contributions were made?
- Dima
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
On Tue, 11 Dec 2001, Arnold G. Reinhold wrote:
In the most recent ruling, Universal v. Remerdez/Eric Corley 2600.com (00-9185), http://cryptome.org/mpaa-v-2600-cad.htm , the US Court of Appeals for the Second Circuit declined to overturn an injunction against the posting of DeCSS on the Internet. The Court held that software was speech, but did not enjoy the level of First Amendment protection accorded to pure speech because it is functional with little human intervention.
That's where 'press' comes into play. The 1st provides two protections. The first is to have an opinion and to express it, 'speech'. The second is 'press' which guarantees the right to share with other humans. Speech that is not shared, after all, is no better than speech not uttered. Now this explicitly protects the hardware and 'non-human' mechanisms that humans use to distribute their speech. The courts will eventually find that the sharing of speech, irrespective of mechanism, is protected. To deny an individual a mechanism to share their speech is in fact a violation of their speech. In addition the first does NOT draw ANY distinctions about what sorts of speech are or are not protected, it simply says 'speech' is protected. -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
Sigh. Choate on court decisions is like Ashcroft on civil liberties. Neither understands them. (Though I admit that Choate makes a common-sense point that does not, alas, jibe the rulings in the crypto cases.) -Declan On Tue, Dec 11, 2001 at 06:12:17PM -0600, Jim Choate wrote:
On Tue, 11 Dec 2001, Arnold G. Reinhold wrote:
In the most recent ruling, Universal v. Remerdez/Eric Corley 2600.com (00-9185), http://cryptome.org/mpaa-v-2600-cad.htm , the US Court of Appeals for the Second Circuit declined to overturn an injunction against the posting of DeCSS on the Internet. The Court held that software was speech, but did not enjoy the level of First Amendment protection accorded to pure speech because it is functional with little human intervention.
That's where 'press' comes into play. The 1st provides two protections. The first is to have an opinion and to express it, 'speech'. The second is 'press' which guarantees the right to share with other humans. Speech that is not shared, after all, is no better than speech not uttered. Now this explicitly protects the hardware and 'non-human' mechanisms that humans use to distribute their speech. The courts will eventually find that the sharing of speech, irrespective of mechanism, is protected. To deny an individual a mechanism to share their speech is in fact a violation of their speech. In addition the first does NOT draw ANY distinctions about what sorts of speech are or are not protected, it simply says 'speech' is protected.
-- ____________________________________________________________________
Day by day the Penguins are making me lose my mind.
Bumper Sticker
The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Wed, 12 Dec 2001, Declan McCullagh wrote:
Sigh. Choate on court decisions is like Ashcroft on civil liberties. Neither understands them.
Ad hominim, ad hominim, ad nausium. Grow up Declan.
(Though I admit that Choate makes a common-sense point that does not, alas, jibe the rulings in the crypto cases.)
The rulings ARE what we're talking about changing. In addition we're not talking about what IS but what SHOULD be. Your assertions of 'how it will be' and 'how it should be' are no more valid than mine (and a hell of a lot less accurate if you go back and look at what actually happened). No, the current bitching over crypto and IP will be resolved in the next ten years. One way or another. And to decide how we, as individuals, should participate and to what end is guided by NOTHING else than common sense (Isn't there a very important book with a similar title that's of some import to this discussion?). -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
Jim Choate wrote:
On Wed, 12 Dec 2001, Declan McCullagh wrote:
Sigh. Choate on court decisions is like Ashcroft on civil liberties. Neither understands them.
Ad hominim, ad hominim, ad nausium.
Gee - don't you think that if you're going to use hifalutin terms like "ad hominem" and "ad nauseam," you ought to learn how they're spelled? Not knowing how they are spelled sorta makes people think you might not know what they mean... Marc de Piolenc
On Wed, 12 Dec 2001, F. Marc de Piolenc wrote:
Gee - don't you think that if you're going to use hifalutin terms like
"ad hominem" and "ad nauseam," you ought to learn how they're spelled?
Not knowing how they are spelled sorta makes people think you might not know what they mean...
If your only bitch is spelling then the argument must be pretty sound. (Oh yeah, bitching about the spelling instead of the argument is an ad hominim as well) -- ____________________________________________________________________ Day by day the Penguins are making me lose my mind. Bumper Sticker The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
Jim Choate wrote:
On Wed, 12 Dec 2001, Declan McCullagh wrote:
Sigh. Choate on court decisions is like Ashcroft on civil liberties. Neither understands them.
Ad hominim, ad hominim, ad nausium.
Gee - don't you think that if you're going to use hifalutin terms like "ad hominem" and "ad nauseam," you ought to learn how they're spelled? Not knowing how they are spelled sorta makes people think you might not know what they mean... Marc de Piolenc
John Gilmore wrote:
Anonymous said:
The major problem that holds back the development of FreeS/WAN is with its management. [Management that cares more about sitting on its pulpit, than getting useful software into the hands of people.] Unless things have changed recently, they still won't accept contributions from the US. This makes no sense. GPG is shipping with every Linux distribution I know of, and the German's take contributions from the US.
(From the pulpit:)
Once we kick John Asscroft's unconstitutional ash outta town, bush George Bust along with more than a thousand other innocents, and eliminate the spectre of Judd Gregg and other retrograde stalinists 're-regulating' US crypto, then we'll think about polluting the precious bodily fluids of worldwide freeware privacy protection with the stench of US crypto policy. ...
Beyond doubt it is important to keep FreeS/WAN free, specifically to continue development in ways that keep it clear of US regulations. I think that means not taking US contributions to the code. Various Americans have made important contributions by testing, reporting bugs, joining design discussions and so on, just not code. To me, the interesting question is what can we do to get FreeS/WAN more widely distributed, without giving up that freedom. FreeS/WAN is already included in several Linux distributions not produced in the US. SuSE, Mandrake, Conectiva, ... For a list, see: http://www.freeswan.org/freeswan_trees/freeswan-1.94/doc/intro.html#products However, RedHat does not include it. The issue doesn't seem to be just that they don't ship crypto. Checking the RPMs on RedHat 7.2, I find GnuPG, OpenSSH, OpenSSL, CIPE, ... but not FreeS/WAN. So should we just suggest that everyone buy distributions that do include FreeS/WAN? Or is there something we should be doing to get RedHat, and Debian, and other US-based distributions to include it? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
Or is there something we should be doing to get RedHat, and Debian, and other US-based distributions to include it?
Absolutely. It's already pretty secure. We should just make it trivial to install, automatic, transparent, self-configuring, painless to administer, and free of serious bugs. Then they'll have every reason to drop it in. John --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
participants (8)
-
Anonymous -
Arnold G. Reinhold -
Declan McCullagh -
Dima Holodovich -
F. Marc de Piolenc -
Jim Choate -
John Gilmore -
Sandy Harris