[Openswan dev] Re: [design] Announce: FreeS/WAN Project Ending

[Paul Wouters]

On Tue, 2 Mar 2004, Sandy Harris wrote:

> This is still beyond question a valid goal. How do we continue from
> here?

Openswan supports and will keep supporting, Opportunistic Encryption. Current
issues of why OE hasn't caught on are being worked on. Such as better failure
mode, integration with dhclient and dynamic updates.

> With luck, maybe parts of it can be picked up immediately.

It had already, with superfreeswan, and since last november as Openswan.
 
> As I see it, the key is that Pluto, which actually handles the
> negotiation of OE connections, be well supported. It could perhaps
> survive without KILPS -- running over the 2.6 kernel IPsec code or
> even on a BSD box since they also use a PFkey interface -- but as
> far as I know Pluto is the only OE implementation out there, so it
> really needs to be kept alive.

As said before, for pluto to run on BSD, only a small piece of code needs to
be ported to BSD, now that Pluto supports the 2.6 native KAME based kernel
implementation. What is left is the pluto/kernel_netlink.* files mostly.

If there are any BSD coders willing to assist porting, please contact me.

> A quick check on ietf.org seems to show that the Internet
> Draft on OE has expired. Should it be kept alive? Can it
> move toward RFC status?

Good point, this needs to be addressed.

Paul