Subject: Re: "racoon" installation
To: None <tech-security@netbsd.org>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 03/02/2000 22:29:58
Message-Id: <200003030329.WAA24765@sandelman.ottawa.on.ca>
In-Reply-To: Your message of "Fri, 03 Mar 2000 12:18:27 +0900."
             <21139.952053507@lychee.itojun.org> 
Date: Thu, 02 Mar 2000 22:29:58 -0500


>>>>> "Jun-ichiro" == Jun-ichiro itojun Hagino <itojun@iijlab.net> writes:
    Jun-ichiro> 	Hello.

    Jun-ichiro> 	KAME racoon (IKE daemon) is trying to improve certificate support.
    Jun-ichiro> 	Use of RSA is very popular for X.509 certificates.  Therefore, with
    Jun-ichiro> 	a plain installation of NetBSD-current with crypto-{us,intl}, racoon
    Jun-ichiro> 	cannot support certificates.  It would be a bit of a pity.

  I would rather that we had dummy RSA code that called abort() such that
racoon would link and one could use pre-shared secrets. If one happened to
have built one's libcrypto with the extra code, then things work.

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: mcr@sandelman.ottawa.on.ca. PGP key available.