Subject: Re: IPsec blowfish interop
To: <>
From: None <>
List: tech-net
Date: 09/19/2000 06:37:51
>	As I mentioned before, at this moment IPsec blowfish support is rather
>	unstable.
>	- 1.5 branch has old IPsec ESP engine, and netbsd-current has new IPsec
>	  ESP engine
>	- they emit different ciphertext against the same plaintext, with
>	  blowfish only (other algorithm has no change)
>	- i'm convinced the new code is right, but there are other people
>	  who tells me the opposite
>	so for now, please refrain from using blowfish in mission-critical
>	application.  I hope to sort it out very soon, and repair either 1.5
>	or netbsd-current as soon as possible.

	it becamse apparent that old code was right.  i'll commit a fix to
	netbsd-current shortly (netbsd-current has been broken, from
	interoperability point of view, since early Sep).

	1.5 is okay, will remain okay, and should interop with others okay.