Subject: Re: ipv6 source address selection
To: Jonathan Stone <jonathan@Pescadero.dsg.stanford.edu>
From: JINMEI Tatuya / =?ISO-2022-JP?B?GyRCP0BMQEMjOkgbKEI=?= <jinmei@isl.rdc.toshiba.co.jp>
List: tech-net
Date: 09/26/2007 14:38:38
At Tue, 25 Sep 2007 13:55:26 -0700,
Jonathan Stone <jonathan@Pescadero.dsg.stanford.edu> wrote:

> >> I don't understand how the (FAST_)IPSEC implementation relates to
> >> RFC3484, but I don't know the answer anyway.
> >
> >There shouldn't be any relation. I was just asking because I
> >don't know how much FAST_IPSEC interferes with the IPv6 code.
> 
> Perhaps you meant to say you don't know how much FAST_IPSEC interferes
> with the *KAME* IPv6 code.
> 
> In practice, the choice is a config-time choice between one or the
> other.  NetBSD's stated plan is that the KAME code will be deprecated
> once FAST_IPSEC supports IPv6 and can functionally replace the KAME
> Ipv6 code.  I don't use IPv6, so can't speak to where the SoC project
> reached that milestone or not.

For what it's worth, FreeBSD has adapted its FAST_IPSEC for KAME-based
IPv6 stack and effectively deprecated the KAME-based IPsec
implementation.  It may be of interest for NetBSD developers.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp