Saving Opportunistic Encryption

Anonymous via the Cypherpunks Tonga Remailer nobody at cypherpunks.to
Wed Mar 17 02:46:15 PST 2004


Hi,
Sandy Harris wrote:
>Tarapia Tapioco wrote:
>>A possible implementation looks like this:
>>...
>>
>>* Linux/KAME's IKE daemon racoon is patched to attempt retrieval of an
>>  RSA key from said DNS repository and generate appropriate security
>>  policies.
>>
>>Cleaner solution, but more work probably.
>
>Why would you use racoon? FreeS/WAN's Pluto is available, under GPL,
>already does OE, and works with 2.6 kernel IPsec (though I'm not
>certain if patches are needed for that). Wouldn't it be a better
>starting point?

I have to take a look at this. Using racoon was my first idea because it
seems to be the "official" Linux thing these days and is portable to the
*BSDs, too. It's probably only the NIH syndrome at work.

Also, using pluto suffers from the general FreeS/WAN problem of not allowing
contributions from USAians. 

Anyway, thanks for the reminder - while the project is still at the 
"half-assed idea tossing" state, hacking FreeS/WAN should still be an 
option.




