Re: 2.4 and Strong Cryptography...

From: Marc Mutz (Marc@Mutz.com)
Date: Wed Jan 12 2000 - 17:29:14 EST


"Michael H. Warfield" wrote:
>
<snip>
> If these regs get finalized and are in the form we now expect them
> to be in, can we get the paperwork filled and get IPSEC (and other crypto
> goodies like ppdd) into the 2.4 kernel? KLIPS (from IPSEC) would be a
> wonderful win! That would put us up with OpenBSD with integrated IPSEC
> (OK, IKE, aka pluto, still needs improvement - but that's not a kernel issue).
>
All those "crypto goodies" like CIPE, ppdd and IPSec (FreeS/WAN) are a
mixture of a (usually small) kernel module and a userspace daemon (or
setup tools). So you need to download the package anyway, because
userspace and kernel are so closely coupled. Look at ISDN, look at
pcmcia support and how long it took to include it into the mainstream
kernel. Still the most part of the users download the external packages.
The only crypto packages I would dare including into the main kernel at
this point are the loop device encryption (because mount supports it and
extension to new ciphers is trivial) and CIPE (because it had a long time
to ripen and is conceptually so simple that it can be considered very
stable). FreeS/WAN OTOH is rapidly moving forwards. It may be a good
idea to include it early in the 2.5 cycle, but it is nothing for a
stable 2.4 IMO. Also, the installation procedure is to be considered
'exotic'. At least that would change if it was in the kernel proper.

The thing to do prior to including the loop device encryption from
kerneli.org would be to make it work for swap and over nbd. Also about
50% of the cipher implementations are broken.

This is my personal opinion, YMMV.

> We can also begin to lobby the distro makers for bundling hardened
> crypto like PGP, GPG, CFS, TCFS, SSH, etc, etc, etc, as quickly as possible.
                             ^^^^ only available for Linux 2.0!!
<snip>

Marc

-- 
Marc Mutz <Marc@Mutz.com>        http://marc.mutz.com/Encryption-HOWTO/
University of Bielefeld, Dep. of Mathematics / Dep. of Physics

PGP-keyID's: 0xd46ce9ab (RSA), 0x7ae55b9e (DSS/DH)

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/