Crypto and IPSec Merged into 2.5

← Back to Stories (view on slashdot.org)

Crypto and IPSec Merged into 2.5

Posted by Hemos on Wednesday October 30, 2002 @02:28AM from the gettin-it-on dept.

Corbet writes "Linus has just merged the new crypto API and IPSec implementation into his 2.5 BitKeeper tree. This is the first time that serious cryptographic code has made an appearance in the mainline kernel, and it will hopefully lead to more secure communications for all Linux users in the future."

7 of 229 comments (clear)

Min score:

Reason:

Sort:

Re:Excellent - no more FreeSWAN patches by LWolenczak · 2002-10-30 02:36 · Score: 5, Informative

somewhat, but from what I read bout a week and a half ago... the ipsec impmentation that they are putting in does not yet support ipv4 transport.... ie is useless unless you have hosts fully using ipv6 on both sides of the tunnel. Keep in mind, its not frees/wan, its from the linux ipv6 project.

With the atitude that the frees/wan project maintains, we will never see freeswan merged with mainstream kernel... hell... they still refuse to take patches from us citiziens and residents (that includes linus)
Re:exportation issues? by JKR · 2002-10-30 02:37 · Score: 5, Informative

The requirements have been relaxed recently; see here for more details. In particular:
Also in 740.13, to, in part, take into account the "open source" approach to software development, unrestricted encryption source code not subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code can, without review, be released from "EI" controls and exported and reexported under License Exception TSU.
Jon.
Looking for FreeSWAN? Try freeswan.ca by caluml · 2002-10-30 02:48 · Score: 5, Informative

I only found this out recently, but the freeswan.org site lags behind the actual development of freeswan quite a lot. A nice friendly guy runs freeswan.ca, and keeps it chockablock with all the latest patches and stuff.

I've mirrored the downloads as they're so useful.

--
Get your own free personal location tracker
Re:Kernel bloat ? by LordHunter317 · 2002-10-30 02:50 · Score: 5, Informative

No, the whole kernel is about 32MB source. Binary is far smaller.

Don't compare a 43 MB binary download to a 32MB source download. That's apples to oranges.
Re:Kernel bloat ? by GreyWolf3000 · 2002-10-30 03:02 · Score: 5, Informative

If you roll your own, it is possible to get a working Linux system as small as you want, depending on the functionality. 5MB for a webserver--before compression!
Sources themselves are huge compared to the bins they create especially considering source trees for projects like the kernel and X, which have support for many architectures. Much of the source code doesn't even get into the binary in the end.

--
Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
Re:If I want IPSec stuff by isa-kuruption · 2002-10-30 03:09 · Score: 4, Informative

I agree! The linux kernel is at least 2 years behind in any IPsec implementation compared to OpenBSD or even FreeBSD. What's going on here? Does that make sense? Usually it's the Linux folks that are ahead of the game, but not this time.

I guess the Linux folks wanted to make EXTRA SURE they didn't leave any BSD code in the kernel without a copyright before they added it to CVS.

Go ahead... troll me! I dare you!
Re:Kernel bloat ? by jim3e8 · 2002-10-30 04:07 · Score: 4, Informative

If you want to see bloat, take a look at the commercial UNIXes.
For example, on a random HP 11.0 box here:

-rwxr-xr-x 1 root sys 18946872 May 9 08:43 /stand/vmunix

That is a 19 megabyte binary kernel. It would be interesting to see how big the source is...