[Openswan dev] Openswan + FIPS thoughts

Wed Oct 31 13:45:27 EDT 2007

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "David" == David McCullough <David_Mccullough at securecomputing.com> writes:
    David> As always, I have trouble knowing which git tree to pull from
    David> you guys :-) 

  Us too :-)

    David> Actually, given all the requirements, I think we need to use
    David> 3.0.  Is that even an option ?  Porting our OCF changes up to
    David> 2.5 may be safer at this point if 3.0 is truly unstable and
    David> untested ?  Seems like #testing is 2.5 based.

  3.0 is considered "#unstable"
  Having said that, the KLIPS part of it is very well tested with OCF
acceleration on the Vulcan card.  As 60% of the issues were in fact in
KLIPS code (at the interface to OCF), likely most of that stability
applies to other hardware as well.

  Merging #testing into #unstable is relatively easy.
  Once we finish ikev2, we will advance the state, i.e. 
       #testing  -> #stable
       #unstable -> #testing
       new work  -> #unstable

- -- 
]            Bear: "Me, I'm just the shape of a bear."          |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Finger me for keys

iQEVAwUBRyi/NICLcPvd0N1lAQJRnQgAuo6LG1djtd8wOzmxrGtKO1kk2uPb/2Wb
DBo5lE80LBqcMSxnhHwN+MtoZJEuzfzRgUDou0ku1wAf/vrNrvThAefZ+MLSkBSU
aNnXJSO493nyQ438i0hC9J7x8cdMPTcW8LnMGSjm0efN95G0u29fylKzYyPw5Vc4
Pkon1n4VP9HyHGEE2WfIvzJrCpe2JFQ9VdDC6EwrifIR2zdG5eTS4WakDQwfnLtl
VHYBRukHSGQToS1Tr9J9KveKkVst7cJiulkfeFigNy5zt1p25h5DJH0/3lxffmDC
N1+3+IGudiRy96UxWeFBqlk08h6pWpRnhaJ5X/bPGmlpfsg8bOWUTg==
=saMB
-----END PGP SIGNATURE-----