Re: [Users] Announce: FreeS/WAN Project Ending (fwd from eugen@leitl.org)

2004-03-02 Thread Eugen Leitl

Can we demime the mails on this node?

- Forwarded message from Eugen Leitl [EMAIL PROTECTED] -

From: Eugen Leitl [EMAIL PROTECTED]
Date: Tue, 2 Mar 2004 16:40:21 +0100
To: Thomas Shaddack [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Users] Announce: FreeS/WAN Project Ending
User-Agent: Mutt/1.4i

On Tue, Mar 02, 2004 at 03:49:47AM +0100, Thomas Shaddack wrote:

> I maintain a small conglomerate of private and corporate networks. We use
> FreeS/WAN quite extensively, with great success - in the last 2 years we had
> no drop-out caused by the crypto infrastructure fault. No attempt for
> opportunistic crypto on the IP level, though, at least not yet.

What sank FreeS/WAN for me (as compared to STARTTLS for opportunistic email
encryption) is the requirement to publish DNS records and KLIPS always failing on
the next kernel upgrade.

Opportunistic encryption suffers from the fax effect; FreeS/WAN made things
unnecessarily difficult.

We have KAME/Racoon support in OS X, and IPsec seems to have been present in
Windows since NT, OpenBSD has support, and now we see 2.6 kernels becoming
available (Knoppix, Fedora Core 2 test1 and Mandrake seem to have it).

What's needed is a good OE patch for 2.6.x which is activated and shipped in
mainstream Linux distros as default (fallback to plain will probably produce
visible delays). Until that happens, OE in IPsec will
remain largely a pipe dream, and only grow very slowly among the early
adopters.
 
> It was a good project. Hope somebody picks up the torch and keeps it
> burning, possibly even brighter.

Is there a protocol flaw in IPsec which prevents it from going OE as STARTTLS
does?

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net



- End forwarded message -



Re: [Users] Announce: FreeS/WAN Project Ending

2004-03-02 Thread Thomas Shaddack

On Tue, 2 Mar 2004, Justin wrote:
> > From: Claudia Schmeing [EMAIL PROTECTED]
> > Subject: [Users] Announce: FreeS/WAN Project Ending
> >
> > Dear FreeS/WAN community,
> >
> > After more than five years of active development, the FreeS/WAN
> > project will be coming to an end.
>
> Is anyone disappointed?

Yes.

> Is anyone surprised?

Mildly.

> FreeS/WAN garroted itself by refusing to take code contributions from
> people inside the U.S., out of fear that the BXA would retroactively
> change export policy and render those contributions poisonous.

Is there anybody with enough organizational/leadership skills to take over
the project, preferably located further away from the US influence than
Canada is? Export policies are relevant only when enforceable.

> FreeS/WAN made no serious attempt to integrate with the Linux kernel's
> routing infrastructure, no doubt due in part to the first issue above.

That could be relieved, given developers and skilled leadership.

> FreeS/WAN configuration was, and probably still is, not very intuitive;
> diagnostics were and probably are similarly poor.

Again, this can be relieved, given the developers.

> Corporations, the major users of VPNs, usually use dedicated VPN boxes
> with support from a commercial VPN provider.  If any such providers base
> their VPN products on FreeS/WAN, it's probably heavily modified.

I maintain a small conglomerate of private and corporate networks. We use
FreeS/WAN quite extensively, with great success - in the last 2 years we had
no drop-out caused by the crypto infrastructure fault. No attempt for
opportunistic crypto on the IP level, though, at least not yet.

It was a good project. Hope somebody picks up the torch and keeps it
burning, possibly even brighter.



Re: [Users] Announce: FreeS/WAN Project Ending

2004-03-02 Thread Thomas Shaddack


good news snipped
:)

> And sure, you use FreeS/WAN, and a company I used to work for used it
> too.  There are employees of many other companies who post to the
> FreeS/WAN lists.  But that's hardly representative of the majority of
> companies.

Majority as in number of employees, or as in count? Do mom-and-pop shops
count as companies? Do we count majority as a share of all companies, or
only as a share of some-kind-of-a-VPN users?



Re: [Users] Announce: FreeS/WAN Project Ending

2004-03-02 Thread Eugen Leitl
On Tue, Mar 02, 2004 at 03:49:47AM +0100, Thomas Shaddack wrote:

> I maintain a small conglomerate of private and corporate networks. We use
> FreeS/WAN quite extensively, with great success - in the last 2 years we had
> no drop-out caused by the crypto infrastructure fault. No attempt for
> opportunistic crypto on the IP level, though, at least not yet.

What sank FreeS/WAN for me (as compared to STARTTLS for opportunistic email
encryption) is the requirement to publish DNS records and KLIPS always failing on
the next kernel upgrade.

Opportunistic encryption suffers from the fax effect; FreeS/WAN made things
unnecessarily difficult.

We have KAME/Racoon support in OS X, and IPsec seems to have been present in
Windows since NT, OpenBSD has support, and now we see 2.6 kernels becoming
available (Knoppix, Fedora Core 2 test1 and Mandrake seem to have it).

What's needed is a good OE patch for 2.6.x which is activated and shipped in
mainstream Linux distros as default (fallback to plain will probably produce
visible delays). Until that happens, OE in IPsec will
remain largely a pipe dream, and only grow very slowly among the early
adopters.
 
> It was a good project. Hope somebody picks up the torch and keeps it
> burning, possibly even brighter.

Is there a protocol flaw in IPsec which prevents it from going OE as STARTTLS
does?

-- Eugen* Leitl <a href="http://leitl.org">leitl</a>
__
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net




Re: [Users] Announce: FreeS/WAN Project Ending

2004-03-02 Thread Justin
Thomas Shaddack (2004-03-02 02:49Z) wrote:

> It was a good project. Hope somebody picks up the torch and keeps it
> burning, possibly even brighter.

And for anyone unhappy with the Linux 2.6 implementation, this forked
just a few months ago:

http://www.openswan.org/

-- 
That woman deserves her revenge, and... we deserve to die.  -Budd, Kill Bill