Re: IPsec in GENERIC kernel config

[Ana Kukec]

Hi Jan,


Jan Melen wrote:

Hi,

Again when I compiled a custom kernel just to enable IPsec in the 
FreeBSD kernel it came to my mind why is it so that the IPsec is not 
enabled by default in the GENERIC kernel configuration file? At least 
for me the GENERIC kernel configuration would do just fine if the 
IPsec would be enabled in it by default. Now I have to build a custom 
kernel just for IPsec btw IPsec is even mandatory for a host 
supporting IPv6.


 


IETF just says that IPsec support is mandatory in IPv6, but IPsec use is 
not. Most of current IPv6 implementations do not include IPsec, and 
there is nothing unusual with that. It is mainly about the performance, 
but there are also other issues, mainly security ones, e.g. it actually 
cannot defend against DoS attacks and cannot strictly eliminate 
spoofing, it is only a network-level security tool.. and there are still 
lots of incompatibility issues between different vendors' 
implementations of IPsec.. etc..


Ana
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org

GSoC - SeND

[Ana Kukec]

Hi all,

I am Ana Kukec, a research assistant and a PhD student at University of 
Zagreb. I will be working on the IPv6 Secure Neighbor Discovery (SeND - 
rfc3971, rfc4861) - the implementation of native kernel APIs for 
FreeBSD, within GSoC, with my mentor Bjoern Zeeb. More informations will 
be provided on http://wiki.freebsd.org/SOC2009AnaKukec.


Regards,
Ana


___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org