[Users] Announce: FreeS/WAN Project Ending

Eugen Leitl eugen at leitl.org
Tue Mar 2 07:40:21 PST 2004


On Tue, Mar 02, 2004 at 03:49:47AM +0100, Thomas Shaddack wrote:

> I maintain a small conglomerate of private and corporate networks. We use
> FreeS/WAN quite extensively, with great success - in the last 2 years we had
> no drop-out caused by the crypto infrastructure fault. No attempt for
> opportunistic crypto on the IP level, though, at least not yet.

What sank FreeS/WAN for me (as compared to StartTLS for opportunistic email
encryption) is the requirement to publish DNS records and KLIPS always
failing on next kernel upgrades. Opportunistic encryption suffers from
the fax effect; FreeS/WAN made things unnecessarily difficult.

We have KAME/Racoon support in OS X, and IPsec seems to have been present in
Windows since NT, OpenBSD has support, and now we see 2.6 kernels
becoming available (Knoppix, Fedora Core 2 test1 and Mandrake seem to
have it).

What's needed is a good OE patch for 2.6.x which is activated
and shipped in mainstream Linux distros as default (fallback to plain
will probably produce visible delays). Until that happens, OE in IPsec
will remain largely a pipe dream, and only grow very slowly among the
early adopters.

> It was a good project. Hope somebody picks up the torch and keeps it
> burning, possibly even brighter.

Is there a protocol flaw in IPsec which prevents it from going OE as
StartTLS does?

-- Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]




