[Swan] IPsec and OE Primers for libreswan 3.7

Paul Wouters paul at nohats.ca
Wed Dec 18 23:51:54 EET 2013


On Wed, 18 Dec 2013, dave at ariens.ca wrote:

> I'm excited to implement opportunistic encryption with libreswan, but I'm 
> fumbling finding an appropriate resource to help me through it.
>
> Are there any sites/resources recommended by the list members?

What exactly are you implementing? We are still designing some of the
OE "2.0" issues, so it would certainly make sense if we're looking at
specifying and implementing the same thing.

The Christmas break is going to be used to write up some text RFC style
to see if we can success in our goal of keeping it very simple while
addressing all the corner cases.

What we are trying to avoid are too different "kinds" of OE. We also
want to avoid creating thousands of "do not encrypt" kernel policies.
We are also moving some state out of the IKE daemon into an unbound DNS
server module. So you should probably tell us what you are looking at,
so we can help each other out instead of implementing our own things.

For some more information, see:

http://www.ietf.org/proceedings/88/slides/slides-88-saag-3.pdf


Paul


More information about the Swan mailing list