by redmail.netbsd.org with SMTP; 11 Mar 2000 22:41:07 -0000
	by vader.runit.sintef.no (8.8.8/8.8.8) with ESMTP id XAA11900;
	Sat, 11 Mar 2000 23:40:16 +0100 (MET)
To: mcr@sandelman.ottawa.on.ca
Cc: tech-security@netbsd.org
Subject: Re: "racoon" installation 
From: Havard.Eidnes@runit.sintef.no
In-Reply-To: Your message of "Thu, 02 Mar 2000 22:29:58 -0500"
	<200003030329.WAA24765@sandelman.ottawa.on.ca>
References: <200003030329.WAA24765@sandelman.ottawa.on.ca>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Message-Id: <20000311234014Z.he@runit.sintef.no>
Date: Sat, 11 Mar 2000 23:40:14 +0100
Lines: 14

>   I would rather that we had dummy RSA code that called abort()
> such that racoon would link and one could use pre-shared
> secrets. If one happened to have built one's libcrypto with the
> extra code, then things work.

I agree.  Isn't this primarily a problem for cryptosrc-us and/or
users in the US?  And the problem will go away later this year when
the RSA patent expires, right?

Given that, I think we should long-term strive for having a fully-
functional racoon integrated, and pick an interim solution which
causes the least amount of pain.

- H=E5vard