[Users] Announce: FreeS/WAN Project Ending

Eugen Leitl eugen at leitl.org
Tue Mar 2 07:40:21 PST 2004


On Tue, Mar 02, 2004 at 03:49:47AM +0100, Thomas Shaddack wrote:

> I maintain a small conglomerate of private and corporate networks. We use
> FreeS/WAN quite extensively, with great success - in the last 2 years we had
> no drop-out caused by the crypto infrastructure fault. No attempt for
> opportunistic crypto on the IP level, though, at least not yet.

What sank FreeS/WAN for me (as compared to StartTLS for opportunistic email
encryption) is the requirement to publish DNS records and KLIPS always failing on
next kernel upgrades.

Opportunistic encryption suffers from fax effect; FreeS/WAN made things
unnecessarily difficult.
We have KAME/Racoon support in OS X, and IPsec seems to have been present in
Windows since NT, OpenBSD has support, and now we see 2.6 kernels becoming
available (Knoppix, Fedora Core 2 test1 and Mandrake seem to have it).

What's needed is a good OE patch for 2.6.x which is activated and shipped in
mainstream Linux distros as default (fallback to plain will probably produce
visible delays). Until that happens, OE in IPsec will
remain largely a pipe dream, and only grow very slowly among the early
adopters.
 
> It was a good project. Hope somebody picks up the torch and keeps it
> burning, possibly even brighter.

Is there a protocol flaw in IPsec which prevents it from going OE as StartTLS
does?

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net



----- End forwarded message -----