Subject: "racoon" installation
To: None <tech-security@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-security
Date: 03/03/2000 12:18:27
by redmail.netbsd.org with SMTP; 3 Mar 2000 03:18:38 -0000
by itojun.org (8.9.3+3.2W/3.7W) with ESMTP id MAA21141
for <tech-security@netbsd.org>; Fri, 3 Mar 2000 12:18:27 +0900 (JST)
To: tech-security@netbsd.org
Subject: "racoon" installation
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
Date: Fri, 03 Mar 2000 12:18:27 +0900
Message-ID: <21139.952053507@lychee.itojun.org>
Hello.
KAME racoon (IKE daemon) is trying to improve certificate support.
Use of RSA is very popular for X.509 certificates. Therefore, with
plain installation of NetBSD-current with crypto-{us,intl}, racoon
cannot support certificates. It would be a bit pity situation.
I think of providing racoon as pkgsrc (pkgsrc/security/racoon),
instead of in base system (remove racoon from base system installation
in crypto-{us,intl}). With pkgsrc, we can make use of LICENSES check,
and dependency to pkgsrc/security/openssl.
It would ease the use of certificate-based IKE whenever possible.
Does it seem reasonable? Comments?
itojun