Subject: Re: IPSEC disabled by default - why?
To: None <itojun@iijlab.net>
From: Greg Troxel <gdt@ir.bbn.com>
List: current-users
Date: 06/18/2004 08:53:06
	no, that is not the reason.  the reason is that there are ftp mirror
	servers where tribution of strong crypto software is prohibited.

But the base system has openssl libraries and ssh.  So this argument
doesn't make sense to me, since NetBSD is already 'contaminated' with
strong crypto.  Plus, presumably these servers want source, and the
source is there.

We have INET6 in GENERIC, which is a lot of code that many people
don't need.  It seems to be an advocacy/boasting decision to have
that, so we can say we support v6 out of the box, and install over
it.  That's fine with me, but it seems that IPsec support out of the
box would be nice too, and really in the same category.

This is only a moderate annoyance for me,  but on several systems has
been the only reason I needed a custom kernel.

-- 
        Greg Troxel <gdt@ir.bbn.com>