Re: [Design] IPSec in 2.5 Kernel?

From: Jim Carter <jimc(at)math.ucla.edu>
Date: Thu Mar 20 2003 - 14:02:00 EST

On Thu, 20 Mar 2003, John S. Denker wrote:
> I get 5 hits (none useful) from:
> http://www.google.com/search?q=raccoon+vpn+dhcp+documentation

I got burned on this too. Try calling it "racoon". I couldn't tell on their web site why they misspelled the name -- acronym?

Not to express support for either side of the flame war, but I would be interested to see an analysis of what would happen if just about every net connection were encrypted by {old vs. new} KLIPS and managed by {pluto vs. racoon}. Like a resource analysis. This would take cooperation between people thoroughly familiar with the various programs. "My module takes 4KB per connection" is more useful than "your module won't scale".

And also important in such an analysis is the impact on the sysop, typically the clueless end user. Go through a day in your laptop's life -- boot, connect to home wireless net, suspend, jack in to wired net at work, walk to a neighboring department (with wireless) without suspending, etc. ad infinitum. On the other end, watch the big server setting up connections which the peers use for 10 packets and then allow to time out. Is the sysop at either end going to have to do a bunch of stuff per connection, so that ipsec is seen as useful only in a special threat environment, when safety is worth the hassle of turning it on? Or can we set it up similar to wireless networking, so (with the right tools, presetting the WEP key, etc.) it "just works"?

The latter case most advances the political goals of the FreeS/WAN group. But that's not my experience at present with FreeS/WAN.

James F. Carter Voice 310 825 2897 FAX 310 206 6673 UCLA-Mathnet; 6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555 Email: jimc(at)math.ucla.edu http://www.math.ucla.edu/~jimc (q.v. for PGP key)

---

Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Thu Mar 20 16:57:17 2003