
Re: what happened to freeswan?



On Tue, Jul 15, 2003 at 11:28:30PM +0200, martin f krafft wrote:
> also sprach Mike Fedyk <mfedyk@matchmail.com> [2003.07.15.2304 +0200]:
> > Unfortunately, what they are doing to keep the possibility of the
> > US government trying to take action against them, has caused the
> > mainline kernel developers to refuse to include their work in the
> > mainline kernel.
> 
> I haven't followed this at all. Is there a comprehensive link?

Basically what's happening is that FreeS/WAN very emphatically refuses
to accept any contributions from US citizens.  David Miller, who is
basically *the* Linux network stack guru, is a US citizen, and freeswan's
position didn't sit well with him.  Of course, the kernel developers
could have forked freeswan; why they didn't I don't know.

Basically, you have to look at freeswan as a political statement as much
as a security tool.  If you know much about security, you can easily
see why opportunistic encryption, which is basically where freeswan
focuses its efforts, is useless as a security tool.  They're doing it
for the politics, with security as a side effect.  This isn't
surprising, when you look at what the freeswan founder has done in the
past.

I'm not saying that I don't trust FreeS/WAN's security or the people who
develop it, or that I disagree with the politics.  FreeS/WAN is a very
well written piece of code that I use regularly.

One cool thing to note is that Herbert Xu has created patches for the
freeswan userland code that allow it to work with KLIPS or the native
Linux IPsec.  That way you should be able to gradually move to the new
IPsec code, rather than have to worry about changing (and configuring
and debugging) the userland and kernel stuff at once.  See the linux-net
archives for more info on this.

noah
