Re: racoon?

From: Pavel Simerda <psimerda redhat com>
To: Derek Atkins <warlord MIT EDU>
Cc: networkmanager-list gnome org, Bjørge Solli <bjorge solli gmail com>
Subject: Re: racoon?
Date: Wed, 14 Nov 2012 11:02:35 -0500 (EST)

> From: "Derek Atkins" <warlord MIT EDU>
> Pavel Simerda <psimerda redhat com> writes:
> >> From: "Derek Atkins" <warlord MIT EDU>
> >> Pavel Simerda <psimerda redhat com> writes:
> >> > The Racoon software is fairly obsolete and abandoned. I admit it
> >> > can serve
> >> > your purpose but it is not really worth any new work. There is
> >> > Strongswan,
> >> > Racoon2 (a separate project) or, maybem, Openswan. AFAIK only
> >> > Strongswan
> >> > and Openswan have some support for NetworkManager. I'm curious
> >> > about any
> >> > new information you might have.
> >> 
> >> It may be old but it is neither obsolete nor abandoned.
> >
> > I am sorry but I insist on the word obsolete for software that
> > implements
> > obsolete IETF protocols and ignores their replacements.
> 
> Fair enough on the obsolecense -- RFC 4306 was released in 2005 which
> does "obsolete" RFC 2409.  However shortly before 4306, RFC 4109 was
> released which still made updates to 2409, so clearly there were
> coexisting efforts to create IKEv2 and update IKEv1.

Yes. That means if we actively support some IPsec implementation,
it will have to be dual protocol twice. Once for IPv4/IPv6, once for
IKEv1/IKEv2. And I would advise the same to anyone going to start
working on something like that.

> Yes, it's been seven years since IKEv2 was released.  Welcome to
> IETF Time.  :)

It's been a long time since IPv6 was released :).

> However I still maintain that ipsec-tools has not been abandoned.

Possibly. But when I was exploring the current state of IPsec userspace
implementations, its last release was more than a year old and it was
far from perfect even for IPv4 and IKEv1.

> >> There is still work being done on ipsec-tools,
> >
> > Yes? What news can I expect, then?
> 
> You'll have to ask the current developers.  I only know that there
> are still updates.

I don't see any new release since March 2011, the mainpage links to
nonexistent websites and there's not even any information about current
development. For anyone not involved it's just as dead as any other dead
project.

I would ask the developers but as I don't see Racoon as a match for any
of the other three implementations, there's no need for that. Either way
it is IMO out if interest for the NetworkManager project.

Pavel

> 
> -derek
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord MIT EDU                        PGP key available
>

Follow-Ups:
- Re: racoon?
  - From: Derek Atkins

References:
- Re: racoon?
  - From: Derek Atkins

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]