Re: FW: Crypto

From: Sandy Harris (
Date: Wed Aug 02 2000 - 23:30:04 EST

"Michael H. Warfield" wrote:

> They may have one other thing in mind too... Once KLIPS is in the
> kernel, nothing is prohibiting someone else from porting ISKMP from
> BSD or anywhere else (once PFKEY2 is fully supported) to Linux.

Actually, you need more than PF-key v2. v2 does not handle policy and
IPSEC must, so extensions are required. Currently, FreeS/WAN, KAME and
Open BSD each have their own slightly different extensions.

> FreeSWAN
> is two parts. KLIPS (the kernel part) and PLUTO (IKE - the user space
> part). Porting ISKMP from OpenBSD to Linux is already been discussed.

I think it was actually done, for an older version of FreeS/WAN. There's
link in the WWWref.html doc file to a site in Scandinavia with the code.

What would, I think, be far more interesting would be a port of the BSD
photurisd(8). Since Linux ipsec_pluto(8) and BSD isakmpd(8) both
implement the same protocol, IKE, the payoff for a port in either
direction is not huge. Photuris, though, is a different protocol for
the same function, and a much cleaner design, so that would be a win.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Aug 07 2000 - 21:00:10 EST