Re: IPSEC using Linux Kernel 2.6

On Fri, 28 Oct 2005, /dev/rob0 wrote:

> On Friday 2005-October-28 15:14, Oscar A. Valdez wrote:
>> Incidentally, I think the folks at netfilter should pay more
>> attention to the difficulties with ipsec and iron them out.
>
> Ooooh, I think it's a sensitive point to say what unpaid volunteers
> should or should not be doing. I am sure you didn't mean it to sound
> rude or ungrateful, but it does. Perhaps your company will consider
> funding development.

Additionally, in all fairness;

Course the netfilter site might be a tad more clear on what netfilter can't do and/or what might be in planning for the future but not presently capable, you know, a section under the "What I can do with netfilter" such as, "What netfilter can't do, or presently can't do"...

> Or not. I fail to see the appeal of ipsec. Similar, arguably better,
> transport security can be had with far less bother using openvpn.
> (Better because of OpenSSL being the crypto implementation, and that
> project likely gets more expert review than any Ipsec code.) NAT, and
> even non-IP protocols, are no problem with openvpn.

But, your not "seeing the appeal" is a religious argument, and in some cases, the application might be designed around IPsec <maybe it's built into the appl code, or the device>...maybe it's just called for specifically in the design specs...

Thanks,


Ron DuFresne
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>