Re: linux-ipsec: Another draft effort: vpn mini-howto

> Because this is in use, I would hate to see one VPN Mini-Howto

There could be a mini-howto for VPN that is nothing more than an index into ways of securing ip. In addition to freeswan and ssh tunneling, it should also reference cipe and x-kernel. A compare and contrast would be useful in a number of areas: copyright restrictions, relyability (uptime), security, interoperability, us export controls. I've just spent the last day looking into this, starting from about zero. Here's what I found:

ssh
URL: http://www.cs.hut.fi/ssh
Protocol: ssh
Copyright: If you use it to make money, you have to buy it from www.datafellows.com.
Relyabiltiy: works
Security: no particular issues
Interoperability: I know of no other impliementations of the ssh protocol US Export: ?

freeswan
URL: http://www.xs4all.nl/~freeswan/
Protocol: IPSec
Copyright: GPL (Any issues surrounding Idea, RSA etc or is it only DES so there are no issues?)
Relyabiltiy: Once one side dies, both sides have to be restarted (yes?) Security: uses an old des?
Interoperability: Will eventually be interoperaable with other IPSec implimentations (cisco, ascend, etc.)
US Export: freely exportable ?

cipe
URL: http://sites.inka.de/~bigred/devel/cipe.html Protocol: cipe
Copyright: GPL, can use blowfish instead of idea and so can be completely free of copyright issues
Relyabiltiy: dunno, but probably good (can be configured so one side can die and be restarted.)
Security: dunno. probably good enough for the non-paranoid Interoperability: none
US Export: freely exportable

x-kernel
URL: http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html Protocol: IPSec (ish)
Copyright: free
Relyabiltiy: dunno, probably very good
Security: dunno, probably very good
Interoperability: Is not tracking IETF IPSec. Dosen't look like the code's been developed since May 97.
US Export: not exportable

Any corrections or enhancements are welcome. Received on Tue Sep 8 17:27:07 1998