[rescue] This Just In: HP to buy Compaq
Al Potter
rescue at sunhelp.org
Wed Sep 5 21:11:49 CDT 2001
ward at zilla.nu said:
> Yeah, I hear that a lot. It reminds me of the FreeS/WAN project.
> First: "We don't do aggressive mode yet, but we're working on it!"
> Later: "Due to our design, aggressive mode is proving very difficult."
> Now: "Aggressive mode is too insecure. We will not implement it."
Yahh... I hear you...
I am an IPSec junkie because of the job (I manage the labs that do this:
http://www.icsalabs.com/html/communities/ipsec/index.shtml) so I follow
freeswan fairly closely, and am very aware of factors like Josh cites:
jdboyd at cs.millersville.edu said:
> For the Unix98 "problem", I answer that is something not Unix just
> because there isn't a central authority to pay for the certification?
Linux (or [Open|Free|Net]BSD) firewalling and IPSec code has never been
formally evaluated by us for one very simple reason: It takes time, lots,
and time = money. I can't devote resources to these guys when I have paying
customers standing in line.
Now, all that being said, I too am becoming a bit tired of the "it's not
secure, so we won't implement it" mindset. Sometimes these folks are
dead-on (not supporting DES, only 3DES), but the aggressive mode thing is
definitely debatable IMHO.
Is there an alternative to FreeS/WAN on Linux?
AL