Re: Using Crypto under LM8+2.4.6

"IT3 Stuart B. Tener, USNR-R" wrote:

>         There is a "one-better" solution. If the kernel were integrated with
> all the links to have crypto, and dummy crypto modules were supplied (that
> did nothing with the clear text, basically passing back exactly what it
> receives), then all that would be necessary is to replace the bogus modules
> with real modules to gain crypto abilities.

The problem here is not technical. The problem is export laws that prevent US,
and perhaps some other, distributions from shipping with crypto included. e.g.
for FreeS/WAN IPSEC, we have this in the docs:

http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/intro.html#products

| Unfortunately the export laws of some countries restrict the distribution of
| strong cryptography. FreeS/WAN is therefore not in the standard Linux kernel
| and not in all CD or web distributions.
|
| Full Linux distributions
|
| FreeS/WAN is included in various general-purpose Linux distributions from
| countries (shown in brackets) with more sensible laws:
|
|    European versions of SuSE Linux (Germany) 
|    Conectiva (Brazil) 
|    the server edition of Corel Linux (Canada) 
|    the Polish(ed) Linux Distribution (Poland) 
|    Trustix Secure Linux (Norway)
|
| Firewall distributions   
| ...
| Firewall and VPN products
| ...

The same reasons apply to encrypting file systems, the international patch,
in fact anything that uses strong crypto. Conectiva ship with FreeS/WAN,
SSH, I think file encryption, ..., but kernel.org and US companies have
difficulty doing that.

US and other export laws have undergone some changes recently, and kernel.org
now carries the international patch. However, there are still restrictions
and it is still not clear that we can do the Right Thing, put strong crypto
in the standard kernel and therefore have it available to all Linux users
without fuss.

Your solution with dummy modules does not work, because the writers of the
export laws excluded that approach. Any "crypto-shaped hole", any interface
designed to make adding cryptography easy, is covered by those laws.

For discussion, see:
http://www.freeswan.org/freeswan_trees/freeswan-1.91/doc/politics.html#politics

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

