end of Freeswan

To: Debian Security <debian-security@lists.debian.org>
Subject: end of Freeswan
From: Paulo Ricardo <pauloric@contato.com.br>
Date: Wed, 03 Mar 2004 08:43:47 -0300
Message-id: <[🔎] 1078314226.1042.18.camel@pauloric.intranet>

Sorry for this notice guys.....8(

It's a pity.....

http://www.freeswan.org/ending_letter.html

-- 
                      The Linux FreeS/WAN Project


________________________________________________________________________
Introduction     Online Documentation     FreeS/WAN Download    
Old News     Related Tools     Helping Out     Bug Reports    
Maillist & Archives     IPSEC Community     History & Politics    
Credits     Home Page   !Lights! 
________________________________________________________________________
Dear FreeS/WAN Community,  
 

   After more than five years of active development, the FreeS/WAN
project will be coming to an end.

   The initial goal of the project was ambitious -- to secure the
Internet using opportunisitically negotiated encryption, invisible and
convenient to the user. For more, see our history page. A secondary goal
was to challenge then-current US export regulations, which prohibited
the export of strong cryptography (such as triple DES encryption) of US
origin or authorship. 

   Since the project's inception, there has been limited success on the
political front. After the watershed Bernstein case, US export
regulations were relaxed. Since then, many US companies have exported
strong cryptography, without seeming restriction other than having to
notify the Bureau of Export Administration for tracking purposes.

   This comfortable situation has perhaps created a false sense of
security. The catch? Export regulations are not laws. The US government
still reserves the right to change its export regulations on short
notice, and there is no facility to challenge them directly in a court
of law. This leaves the US crypto community and US Linux distributions
in a position which seems safe, but is not legally protected -- where
the US government might at any time *retroactively* regulate previously
released code, by prohibiting its future export. This is why FreeS/WAN
has always been developed outside the US (in Canada and in Greece), and
why it has never (to the best of our knowledge) accepted US patches.

   If FreeS/WAN has neither secured the Internet, nor secured the right
of US citizens to export software that could do so, it has still had
positive benefit.

   With version 1.x, the FreeS/WAN team created a mature, well-tested
IPsec VPN (Virtual Private Network) product for Linux. The Linux
community has relied on it for some time, and it (or a patched variant)
has shipped with several Linux distributions.

   With version 2.x, FreeS/WAN development efforts focussed on
increasing the usability of Opportunistic Encryption (OE), IPSec
encryption without prearrangement. Configuration was simplified,
FreeS/WAN's cryptographic offerings were streamlined, and the team
promoted OE through talks and outreach.

   However, nine months after the release of FreeS/WAN 2.00, OE has not
caught on as we'd hoped. The Linux user community demands feature-rich
VPNs for corporate clients, and while folks genuinely enjoy FreeS/WAN
and its derivatives, the ways they use FreeS/WAN don't seem to be
getting us any closer to the project's goal: widespread deployment of
OE. For its part, OE requires more testing and community feedback before
it is ready to be used without second thought. The project's funders
have therefore chosen to withdraw their funding.

   Anywhere you stop, a little of the road ahead is visible. FreeS/WAN
2.x might have developed further, for example to include ipv6 support.

   Before the project stops, the team plans to do at least one more
release. Release 2.06 will see FreeS/WAN making a late step toward its
goal of being a simple, secure OE product with the removal of Transport
Mode. This in keeping with one of Neils Fergusson's and Bruce Schneier's
security recommendations, in A Cryptographic Evaluation of IPsec. 2.06
will also feature KLIPS (FreeS/WAN's Kernel Layer IPsec machinery)
changes to faciliate use with the 2.6 kernel series.

   After Release 2.06, FreeS/WAN code will continue to be available for
public use and tinkering. Our website will stay up, and our mailing
lists at lists.freeswan.org will continue to provide a forum for users
to support one another. We expect that FreeS/WAN and its derivatives
will be widely deployed for some time to come.

   It is our hope that the public will one day be ready for, and demand,
transparent, opportunistic encryption. Perhaps then some adventurous
folks pick up FreeS/WAN 2.x and continue its development, making the
project's original goal a reality.

   Many thanks to the wonderful folks who've been part of the
lists.freeswan.org community over the last few years. Thanks to the
developers who've created patches and written HOWTOs. Thanks to the
volunteers who've donated Web space and time as system administrators.
Thanks to the distributors who've puzzled out the fine points of
integrating our software with others'. Finally, thanks to the users
who've tested our software, shared interoperation success stories, and
given others a helping hand. We couldn't have done it without you.

 
Best Regards,

Claudia Schmeing 
for the Linux FreeS/WAN Project

Paulo Ricardo Bruck - consultor
Contato Global Solutions
tel 011 3253-0985 011 288-4722  cel 011 9235-4327

Reply to:

Follow-Ups:
- Re: end of Freeswan
  - From: Dariush Pietrzak <eyck@forumakad.pl>
- Re: end of Freeswan
  - From: Noah Meyerhans <noahm@debian.org>

Prev by Date: Re: Big VPN
Next by Date: Re: Big VPN
Previous by thread: Re: Some clarifications about the Debian-security-HOWTO
Next by thread: Re: end of Freeswan
Index(es):
- Date
- Thread