Subject: Re: switching to ipsec-tool's racoon
To: Emmanuel Dreyfus <manu@netbsd.org>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-net
Date: 11/23/2004 08:07:28
--Apple-Mail-12-512280436
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; format=flowed


On Nov 23, 2004, at 12:38 AM, Emmanuel Dreyfus wrote:

> ipsec-tools is a racoon (the IKE daemon) fork initially aimed for 
> Linux.
> It incoporated many enhancements that our racoon lacks: NAT traversal,
> dead peer detection, hybrid authentication, ISAKMP mode config, and 
> many more.
>
> I'm planning to switch the in-tree racoon to ipsec-tools when the 0.5 
> version
> will be released.

I support making this change, but not until there are no functional 
regressions in the ipsec-tools racoon.  The recent GSS-API changes are 
still not merged into ipsec-tools racoon (I am working on that now).

If we do racoon, should we do libipsec and setkey, as well?  It should 
also be imported into src/crypto/dist/ipsec-tools, I guess.

         -- Jason R. Thorpe <thorpej@shagadelic.org>


--Apple-Mail-12-512280436
content-type: application/pgp-signature; x-mac-type=70674453;
	name=PGP.sig
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQFBo2BAOpVKkaBm8XkRArSJAKC6tX9DpEcYKtG4OqB7HvSr7ACd3wCg1eqT
V6EikUquzAksoN21dqeedQc=
=+qJm
-----END PGP SIGNATURE-----

--Apple-Mail-12-512280436--