2.6 kernel patches
Lamont R. Peterson
lamont at gurulabs.com
Mon Dec 22 20:35:18 UTC 2003
On Mon, 2003-12-22 at 12:32, Steve Bergman wrote:
> On Mon, 2003-12-22 at 12:48, Lamont R. Peterson wrote:
> > Yes...please, drop CIPE. It is quite insecure.
> Indeed. Here is my suggestion for the announcment:
>
> ----------
>
> Dear Fedora Core user:
>
> Some time ago, we at RedHat selected CIPE as our standard VPN solution.
> It had the advantage of being available. We understand that many of our
> customers have had to live with it's limitations. In particular, the
> fact that it will really only talk to other RedHat systems, and is not
> compatible with the vast majority of VPN routers, or with MS Windows(tm)
> clients and servers. We also understand that due to this decision on
> the part of RedHat, most of you are using CIPE to link your various
> RedHat networks. So it is with great sadness that we tell you that we
> have decided to discontinue CIPE support as of Fedora Core 2, in favor
> of IPSec. We know that this will be another inconvenience to both
> Fedora core users and to our paying enterprise customers, as new
> installations will not be able to talk to previous ones. However, we
> also hope that you understand why we are making this move. We see this
> as a positive step in view of the fact that what we have been providing
> as our VPN solution to buyers of both our consumer grade product as well
> as our enterprise linux product has always been quite insecure.
>
> Thank You for choosing Fedora Core.
> -------------
>
>
> How's that?
Yup, that would do it. Thank you for applying clarity to the subject.
Seriously, though, I know that it is not realistic to drop something
like this straight out.
However, dealing with some rather security conscious clients (like those
worrying about HIPPA, for example) *require* IPsec and only IPsec.
Other clients, without such specific needs, who just want the "peace of
mind" knowing that their remote connections are "secure" (read "We use
encryption, therefore, we are safe...what do you mean there are
differences in the quality of one encryption vs. another?") do not care
what they use, as long as they are compatible. Of course, CIPE only
works with CIPE...and so on.
Anyway, your point is absolutely right, IMO...even if it is not hard to
switch, it will not be easy to make the switch.
--
Lamont Peterson <lamont at gurulabs.com>
Senior Instructor
Guru Labs <http://www.gurulabs.com/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20031222/86398219/attachment-0002.bin
More information about the devel
mailing list