Re: linux-ipsec: Another draft effort: vpn mini-howto
From: Henry Spencer <henry(at)spsystems.net>
Date: Tue Sep 08 1998 - 20:21:44 EDT

Currently we only have the IPSEC-mandated algorithms, which are free of such complications (with the possible exception of SHA1, which I'm told there is some dispute about).

There are actually one or two bits of code in the current distribution which are Berkeley-licensed rather than GPLed. That will be fixed.

> Reliability: Once one side dies, both sides have to be restarted (yes?)

Yes for Pluto-managed tunnels (although this will be fixed soon), but no for manually-keyed ones.

Our default encryption algorithm is 3DES, not DES. Nobody has found any actual crypto weaknesses in DES; it has fallen only to brute-force search of the key space. 3DES's key space is 5192296858534827628530496329220096 times bigger; an effective brute-force attack on 3DES is most unlikely.

> Interoperability: Will eventually be interoperable with other IPSec

It's widely interoperable now if you use manual keying. Pluto is not yet very interoperable with other key-management daemons, but that will be fixed eventually.

> US Export: freely exportable ?

Considerable pains have been taken to keep FreeS/WAN outside US export laws. Canadian export laws are quite similar to the US's, *except* that Canada has an amazingly sensible "mass market / public domain" exemption. FreeS/WAN is freely exportable from Canada. (Do remember, though, that this does not make it freely exportable from the US! The fact that it originally came from outside the US means nothing to US export law; once it's inside the country, it's tainted.)

Henry Spencer
henry@spsystems.net
(henry@zoo.toronto.edu)

Received on Tue Sep 8 21:03:52 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT