From: Ken Bantoft (ken_at_freeswan.ca)
Date: Thu Oct 31 2002 - 17:12:01 CET
-----BEGIN PGP SIGNED MESSAGE-----
> > Linus merged a variant of an earlier fork of FreeS/WAN, mixed in with some
> > code from the USAGI project (IPv6 for linux, which includes ipsec), and
> > some new code to glue it all together. So there is ipsec support in the
> > kernel. But no userland tools, config files, etc. That's all extra, and
> > not part of the kernel.
>
> Which means that FreeSwan will eventually be redundant. At least
> I can work on the crypto code in the kernel.
FreeS/WAN will probably become redundant - that's sort of a long-term
plan. There's actualy nothing stopping someone from taking FreeS/WAN
as-is today, slapping it into the Linux kernel, and redistrubuting it. In
fact, there's a number of companies doing that in turn-key VPN appliances,
and shipping them out of the US.
> > Now, for the 2nd part of your question.
>
> > IANAL, however this is my understanding of the current situation.
>
> > The US "relaxed" regulations by a government declaration. This is *not* a
> > law, and thus can be revoked at any time by either the house, the senate
>
> This was always true both ways and applies to all countries.
> France relaxed it's laws but can equally turn around and tighten them.
> China "technically" prohibits the possesion of cryptography and yet
> I listened to several officials from the Ministry of Information Industry,
> in person (through an interpreter) speak of the need for strong privacy
> and strong cryptography to promote E-Commerce. They are "permitting"
> crypto but can clamp down in an instant. The Brits keep dragging up
> ideas for accessing people's keys and crypto that are absolutely draconian.
Yes. Until there are laws permitting (or better yet, requiring) the use
of strong cryptography for all communications, its all at the whims of
governments.
> > or the President. As such, you can export products with crypto outside of
> > the US freely, until the government changes it's mind (which will probably
>
> Until ANY government (including Canada) changes their mind.
Correct. See above. I'd like to see governments start to require
strong encryption on more services.
> > want to give <insert country here> access to encryption while we're at war
> > with them, right? <insert Homeland Security and War on Terrorist stuff
> > here>)
>
> Gee... What rock were you hiding under when this came up and
> was shot down in congress?
That was actually sarcasm, since as you indicated, it's already happened.
Next time, I'll <sarcasm></sarcasm> it.
> How bout all that discussion up there in Canada about "lawfull
> access" and all? Pretty scary stuff... Makes the Patriot Act look
> down right tame.
It could, but unlike the Patriot Act, it's not a law yet, so there's still
time to speak up and try to stop it, which many folks are trying to do.
> > Therefore, if/when the government revokes the declaration, Linus would
> > have to pull out all of the crypto code, or cease to distribute the Linux
> > kernel.
>
> Bullshit. Get a clue. The best way to prevent that is to go
> balls to the wall and get crypto in everything. You can't pull it back
> once it's out there. Crypto has been on kernel.org for a couple of
> years now. All the cryptoapi and loopaes and kerneli stuff has been
> hosted there.
Crypto's been on kerneli.org, which exists for this reason. And yes,
I've read the lkml emails that state the same as you state - put it in now, and
watch them try to pull the plug later. By the way, this is all
speculation, since none of it's happened yet. Insulting me because I
choose to speculate doesn't make your points any more or less valid.
> They couldn't stop pgp when they had ITAR and then EAR in full
> force. They didn't stop me from assisting Tatu with ssh. They didn't
> stop me from doing the SSL stuff in fetchmail and Eric posting it on his
> site here in the US. The FUD on this subject is enough to do Microsoft
> proud.
Re: PGP - They didn't stop it, but they sure as hell tried, and I'd expect
them to try again.
- --
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"Random numbers should not be generated with a method
chosen at random." -- Donald Knuth,
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBPcFWVFiWUusaxGxpAQHyHgP/aiuxI7uhlD27FATc0SmaQzlVBXH5cIah
Xzn0h3obuoEG62A4KQBKkNtzIECONzujBFSRrBgHfoeVOOWQuR/Wjvr3eBjTc+rs
aKMNt7WTUa35chIsQqZrzMvlWeem0AELWLMIDkRutG6M46KTGDVW1UcJybj7yrg1
NS0bOHWTsLA=
=Ao8l
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 05:20:36 CET