search

zoulasc / racoon2

The Racoon2 project is a joint effort which provides an implementation of key management system for IPsec. The implementation is called Racoon2, a successor of Racoon, which was developed by the KAME project. It supports IKEv1, IKEv2, and KINK protocols. It works on FreeBSD, NetBSD, Linux, and Mac OS X. Racoon2 is provided under a BSD-style license. To support various environments that use IPsec, we will develop various functions.
Other
18 stars 11 forks source link

Clarify purpose and status of racoon2/zoulasc in README/README.md #4

Closed zmudc closed 4 years ago

zmudc commented 4 years ago

@zoulasc: an org https://github.com/racoon2project and move this repository?

@kamadak: It is possible to add the website on github?

It will be nice to have this GitHub in News section, and other part too, remove old links "CVS Repository" and have "Git Repository"...

Remove and redirect http://www.racoon2.wide.ad.jp/cvsweb/racoon2/ to this git?

Download -> all releases in https://github.com/zoulasc/racoon2/releases...

Originally posted by @Neustradamus in https://github.com/zoulasc/racoon2/issues/2#issuecomment-573242296

zmudc commented 4 years ago

It seems to me, as the only contributor to this project other than the owner, @zoulasc, that the README.md file could clarify much better the current status of the project. In the current README.md, we find the following:

Main objective of the Racoon2 is for research rather than business. We may not be able to provide satisfactory support for you. We are continuously changing it in our research. It does not have enough stability. So, please take full responsibility for using the Racoon2.

While this is generally true, I think it would be much better to replace that with:

The main objective of Racoon2 is currently to evaluate it as a possible replacement iked key exchange service (IKE) for use in future releases of major software platforms such as *BSD and Linux. It has iked to implement IKEv1 and IKEv2, spmd to provide security policy management services, and kinkd to provide Kerberos based key exchange for IPsec. At present it is unstable and very difficult to configure. Most users will not be able to use it in its current form without a significant level of expertise and experience with the complexities of establishing IPsec connections. It only provides one small piece (IKE) of a complicated system of many parts that are needed to establish successful secured communications over the Internet.

Racoon2 is also based on very old code and it is still very buggy. Although Racoon2 can be configured to establish working IPsec connections using both IKEv1 and IKEv2, in its current form, most users who do not have experience configuring IPsec connections will not be able to get a connection working without significant effort. The near-term goals are to reduce the number of bugs that make Racoon2 so difficult to configure, and to create a simpler system for configuring corrections correctly so that the level of expertise required to use Racoon2 to establish connections can be reduced to the point where most developers will be able to build, install, and use Racoon2 to get working IPsec connections with minimal effort.

zoulasc commented 4 years ago

Committed, thanks. There is some duplication between the first and the second paragraphs, but I left it as is.