On Fri, May 16, 2003 at 05:43:21PM +0200, Giacomo Mulas wrote: > yes, but it was a fork from a specific version of freeswan, if I am not > mistaken. Which means that from that point on they parted ways... I did > not mean to understate the work done by Herbert Xu at all, sorry if I gave > you that impression. Sure, but Herbert's patch is intended to work with both KLIPS (freeswan) and Linux 2.5+, so assuming the Debian freeswan maintainer elects to apply it once it's stablized, one should have no problems using the freeswan userland tools on Debian no matter which kernel they're using. > I will have to try that, sooner or later, yours is not the first voice > I hear which states racoon is nicer to set up, but as long as my freeswan > setup works so nicely, I will probably be too lazy for it... > > The freeswan developers are way too focused on the opportunistic > > encryption thing, which I don't believe is particularly valuable. > > I don't need it either, but I would probably appreciate being able to use > it. I don't think it's possible to *need* opportunistic encryption. By its very nature it's unreliable. You have no guarantee that you've got an IPsec session with a given host, so you really can't rely on opportunistic encryption to provide you with any security. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgp1Whdf2buB2.pgp
Description: PGP signature