Re: FW: FreeSWAN Release 1.93 ships!
Lucky Green [EMAIL PROTECTED] writes:

> FreeS/WAN occupies a position very rarely found in efficient markets, such as open source software. While the position is rarely encountered, it can nonetheless exist: I believe that FreeS/WAN is a natural monopoly.

My impression from the show of hands at the HAL2001 FreeS/WAN session was that OpenBSD's IPSEC was being used rather more than FreeS/WAN.

--
1024/D9C69DF9 steve mynott [EMAIL PROTECTED]

don't anthropomorphize computers; they don't like it.
Re: FreeSWAN Release 1.93 ships!
Note that to compile FreeS/WAN on Red Hat using the Red Hat kernel-source RPM you need to:

    rm include/linux/modules/*.ver

before you 'make dep'. Otherwise you get module version brokenness.

-derek

Lucky Green [EMAIL PROTECTED] writes:

> The big question is: will FreeS/WAN's latest release after some 4 or 5 years of development finally both compile and install cleanly on current versions of Red Hat Linux, FreeS/WAN's purported target platform?
>
> --Lucky, who is bothered by the fact that most of his Linux-using friends so far have been unable to get FreeS/WAN to even compile into a working kernel, while just about every *BSD distribution - and for that matter Windows XP - ship with a working IPSec implementation out-of-the-box.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Stewart
> Sent: Thursday, December 06, 2001 2:05 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: FreeSWAN Release 1.93 ships!
>
> From Claudia Schmeing [EMAIL PROTECTED]'s summary:
> http://lists.freeswan.org/pipermail/briefs/
>
> 1. Release 1.93 ships!
> 1 post Dec 3
> http://lists.freeswan.org/pipermail/users/2001-December/005632.html
>
> A number of small improvements have been added to this release, which was shipped on-time. Some highlights:
>
> * Diffie-Hellman group 5 is now the first group proposed.
> * Two cases where fragmentation is needed will be handled better, thanks to these two changes:
>
>     The code that decides whether to send an ICMP complaint back about a packet which had to be fragmented, but couldn't be, has gotten smart enough that we now feel comfortable enabling it by default.
>
>   and
>
>     IKE (UDP/500) packets which were large enough to be fragmented used to be mishandled, with some of the fragments failing to bypass IPsec tunnels properly. This has been fixed; our thanks to Hans Schultz.
>
> * If Pluto gets more than one RSA key from DNS, it will now try each key. This will help when a system administrator replaces a key.
> * There is preliminary support for building RPMs.
> * SMP support is better.
> * The team has eliminated a vulnerability that might permit a denial of service attack.
>
> What can we expect from the next release? Henry Spencer writes:
>
>     We are in the process of chasing down a couple of significant bugs (which have been there since at least 1.92 and possibly earlier), and we *might* ship another release quite shortly if we nail them down and fix them. If we don't, we won't. Barring that possibility, the next release is planned for the end of January; a more precise date will be announced shortly.
>
> -
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
[EMAIL PROTECTED] PGP key available
RE: FreeSWAN Release 1.93 ships!
On Sunday 09 December 2001 07:32 pm, Lucky Green [EMAIL PROTECTED] wrote:

> The big question is: will FreeS/WAN's latest release after some 4 or 5 years of development finally both compile and install cleanly on current versions of Red Hat Linux, FreeS/WAN's purported target platform?

The latest releases of both Suse and Mandrake are both able to install kernels with Freeswan already integrated. It's a little newer addition to Mandrake, so you may want to use Suse. Suse makes it easy to set up encrypted file systems and other nice features.

The major problem that holds back the development of FreeS/WAN is with its management. [Management that cares more about sitting on its pulpit, than getting useful software into the hands of people.] Unless things have changed recently, they still won't accept contributions from the US. This makes no sense. GPG is shipping with every Linux distribution I know of, and the Germans take contributions from the US. The primary kernel developers have been willing to integrate crypto into the kernel since the crypto regs were lowered. It's the policy of no US contributions that's holding back Linux IPSEC.

IMHO: If Freeswan had never been created, an alternate, more mature implementation would already exist in the mainline Linux kernel.

--Anonymous
FW: FreeSWAN Release 1.93 ships!
While I am too far from the process to offer comment to the contents of the post below, the last paragraph of the post in some bizarre way did help crystallize a thought that I knew had been nagging in the back of my mind for months, perhaps as much as a year, but that I just could not quite bring to the foreground.

FreeS/WAN occupies a position very rarely found in efficient markets, such as open source software. While the position is rarely encountered, it can nonetheless exist: I believe that FreeS/WAN is a natural monopoly.

Natural monopolies are usually only found in extremely small markets. The economic textbook example is a power company on an island of 50 people. The market size is simply too small to sustain the overhead of two companies, no matter how efficient both companies may become. Therefore, the market doesn't attract competitors, even absent any regulatory market distortions. (Hence the "natural" in natural monopoly :-)

But for whatever reasons, FreeS/WAN has been holding such a natural monopoly position in by far the largest market in which I have ever seen such a beast. I find this fascinating. I wonder if economists will some day study the case to determine what factors brought it about.

[I presume somebody other than the FreeS/WAN project may have written a few lines of Linux open source IPSec code, but they aren't competitors in that market any more than a guy walking around with a charged car battery offering service would be a competitor to the power company in the island example].

--Lucky, who simply had to share this revelation. Back to writing Mixmaster remailer code.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Anonymous
Sent: Monday, December 10, 2001 7:54 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: FreeSWAN Release 1.93 ships!

On Sunday 09 December 2001 07:32 pm, Lucky Green [EMAIL PROTECTED] wrote:

> The big question is: will FreeS/WAN's latest release after some 4 or 5 years of development finally both compile and install cleanly on current versions of Red Hat Linux, FreeS/WAN's purported target platform?

The latest releases of both Suse and Mandrake are both able to install kernels with Freeswan already integrated. It's a little newer addition to Mandrake, so you may want to use Suse. Suse makes it easy to set up encrypted file systems and other nice features.

The major problem that holds back the development of FreeS/WAN is with its management. [Management that cares more about sitting on its pulpit, than getting useful software into the hands of people.] Unless things have changed recently, they still won't accept contributions from the US. This makes no sense. GPG is shipping with every Linux distribution I know of, and the Germans take contributions from the US. The primary kernel developers have been willing to integrate crypto into the kernel since the crypto regs were lowered. It's the policy of no US contributions that's holding back Linux IPSEC.

IMHO: If Freeswan had never been created, an alternate, more mature implementation would already exist in the mainline Linux kernel.

--Anonymous
FreeSWAN Release 1.93 ships!
From Claudia Schmeing [EMAIL PROTECTED]'s summary:
http://lists.freeswan.org/pipermail/briefs/

1. Release 1.93 ships!
1 post Dec 3
http://lists.freeswan.org/pipermail/users/2001-December/005632.html

A number of small improvements have been added to this release, which was shipped on-time. Some highlights:

* Diffie-Hellman group 5 is now the first group proposed.
* Two cases where fragmentation is needed will be handled better, thanks to these two changes:

    The code that decides whether to send an ICMP complaint back about a packet which had to be fragmented, but couldn't be, has gotten smart enough that we now feel comfortable enabling it by default.

  and

    IKE (UDP/500) packets which were large enough to be fragmented used to be mishandled, with some of the fragments failing to bypass IPsec tunnels properly. This has been fixed; our thanks to Hans Schultz.

* If Pluto gets more than one RSA key from DNS, it will now try each key. This will help when a system administrator replaces a key.
* There is preliminary support for building RPMs.
* SMP support is better.
* The team has eliminated a vulnerability that might permit a denial of service attack.

What can we expect from the next release? Henry Spencer writes:

    We are in the process of chasing down a couple of significant bugs (which have been there since at least 1.92 and possibly earlier), and we *might* ship another release quite shortly if we nail them down and fix them. If we don't, we won't. Barring that possibility, the next release is planned for the end of January; a more precise date will be announced shortly.