[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Openswan Users] NAT-T in native stack??

-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "Paul" == Paul Wouters <paul@xelerance.com> writes:
    Paul> has security implications. That is why it is disabled. 

    Paul> I will leave it up to Michael wether or not to change the
    Paul> current behaviour. 

  I'd like to hear from Rene:

  1) why this is necessary?		(L2TP with win2k is an answer,
					 but not a very good one)

  2) why Debian can't enable it as they see fit? (and therefore take
     responsibility for the issue!)

  3) if two kernel packages might be more appropriate.

  We have no test cases for transport-mode NAT-T. So, before it was
turned on, we'd need test cases for it to be written.

- --
]     "Elmo went to the wrong fundraiser" - The Simpson         |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQKqZCYqHRg3pndX9AQG7rAQAsl7Z1iuxvwlH7MFWxnZmkWi+ayCbWTHS
R0q+y3hnJJWADBKrzuWvEuzff1LQLAk3bGLJl9PrAiKaHp81mAnTChmNN+exTEhD
rR0nShMCkUhwgOEfsGXhOkS40g0T6RsUp8Sg1kCQVf2fveopKDx9IkMOpGT5G/pR
Fo5KygQDLeI=
=I7zq
-----END PGP SIGNATURE-----
Reply to: