Subject: "racoon" installation
To: None <tech-security@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: tech-security
Date: 03/03/2000 12:18:27
Date: Fri, 03 Mar 2000 12:18:27 +0900
Message-ID: <21139.952053507@lychee.itojun.org>

	Hello.

	KAME racoon (IKE daemon) is trying to improve certificate support.
	Use of RSA is very popular for X.509 certificates.  Therefore, with
	a plain installation of NetBSD-current with crypto-{us,intl}, racoon
	cannot support certificates.  That would be a bit of a pity.

	I am thinking of providing racoon as a pkgsrc package
	(pkgsrc/security/racoon), instead of in the base system (remove racoon
	from the base system installation in crypto-{us,intl}).  With pkgsrc,
	we can make use of the LICENSES check, and a dependency on
	pkgsrc/security/openssl.
	It would ease the use of certificate-based IKE whenever possible.

	Does it seem reasonable?  Comments?

itojun