On Sat, 15 Dec 2001 Philip S Tellis wrote :
Mr. Ambrish Kumar took the next lecture on IPSec, touching on implementations in windows and linux. There were some doubts as to whether the linux kernel has built in IPSec compatibility or if it requires a recompile. Maybe someone on the list can shed some light on this.
No.Current Linux kernel does not have built in IPSec compatibility,because of the US regulation(NSA can decrypt upto only 64-bit encryption).IPSec allows much better and easy encryption than anybody can decrypt.
Some Distrubutions made outside the US like Polish distribution does provide inbuilt IPSec.
I have recompiled the Linux(2.4.12) with Freeswan-IPSec(1.91) and currently using it with 2048-bit RSA encryption for my VPN network.It gives me descent(and the most secure) performance over the cable connection.
See follwing site for more info. http://www.freeswan.org/
-Mahesh Gharat
Sometime on Dec 15, Mahesh Gharat assembled some asciibets to say:
Thanks for the info, but please make sure the lines that you type have linebreaks at about 72 characters. Have a look at your post on the lug archives to see what I mean.
http://mm.ilug-bom.org.in/pipermail/linuxers/Week-of-Mon-20011210/003268.htm...
No.Current Linux kernel does not have built in IPSec compatibility, because of the US regulation(NSA can decrypt upto only 64-bit
I think the law has changed now. Since the last few months, exporting of high strength encryption algorithms has been allowed. That is how netscape can be shipped with strong encryption.
Philip
On Sun, 16 Dec 2001, Philip S Tellis wrote:
I think the law has changed now. Since the last few months, exporting of high strength encryption algorithms has been allowed. That is how netscape can be shipped with strong encryption.
'tis correct.
Previously you couldn't export software containing strong cryptography (Symmetric keylength > 56 bits and public keylength > 512 bits) anywhere out of the US without a license.
As of Jan2000 (I'm not sure I have that date right, but its more than a year ago) export is only banned to specifically embargod countries like Libya, Iraq, Taliban-controlled areas of Afghanistan etc.
-
Mahesh Gharat -
Philip S Tellis -
Vinay Pai