[Openswan dev] Openswan patches for better rpm and OCSP support

Michael Richardson mcr at sandelman.ottawa.on.ca
Wed Dec 7 13:10:58 CET 2005




>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    >> - NULL_ESP for legality reasons (sometimes you are not allowed to
    >> use cryptography and currently AH is not any longer supported in
    >> openswan). Another use of NULL_ESP is when you use ipsec upon

  ESP_NULL should not satisfy legal issues, as there is no indication
that the data is not encrypted. As such, you could trivially start
encrypting packets in that context.
  AH was designed for what you want. The fact that it isn't NAT-T
capable just means that you should be using IPv6. Tell your regulator
that when they force your ISP to support v6, you'll comply with the law.

-- 
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

