On Wed, 5 Jul 2000, Poul-Henning Kamp wrote:

> In message <[EMAIL PROTECTED]>, Kri
> s Kennaway writes:
> >I intend to MFC this stuff in 4 or 5 days assuming it doesn't present any
> >problems,
> I'm sorry, but isn't that a tad fast, considering the scope of these
> changes ?

I forgot to mention that I discussed this with Jordan at Usenix and
(unless I'm mistaken) he okayed the general plan.

These changes should only impact ipv6 and ipsec, with the exception of the
DNS resolver code which I'm still unsure about merging (even though it's
been well tested by KAME users, there remains the possibility of breakage
for ipv4 resolution if there are undiscovered bugs)

The bottom line is that we *need* the updated IPSEC code if FreeBSD is to
be a viable IPSEC platform. At the moment it's really only usable for
interoperating with other FreeBSD machines because in the real world
people use an IKE daemon, which the older (currently in 4.0) code does not

Delaying this another 3 months for 4.2 is, IMO, far too long to wait if
we're going to be competitive in the IPSEC arena.


In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <[EMAIL PROTECTED]>

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to