Making Network Encryption Usable and Secure

The designers of the Internet recognized very early that the only way to make Internet communication truly private was with encryption. For a number of reasons it has taken a long time to get encryption into the network at the packet layer. The IPSec protocols have finally secured the IP layer. Perhaps surprisingly, building a secure system around IPSec is not as simple as it appears. I'll outline some of the problems the Linux FreeS/WAN project has had with this, and how we've solved them (or plan to solve them).

One problem is how to make a complex piece of software usable to inexperienced system administrators. Having to straddle the kernel/user boundary, with packet encryption in the kernel and the control and keying mechanisms at user level, is particularly awkward. Editing configuration files, as usual, is a pain; the orthodox answer to this is fancy GUI editors, but we think it's better to get rid of the need to mess with the files at all.

Unfortunately IPSec has far too many useless options and alternatives, although FreeS/WAN avoided some of that by just not implementing them, and we have de-implemented some of the ones we did originally do. Surprisingly enough, this has had little effect on interoperability, with the (minor) exception of our controversial decision to de-implement 56-bit DES. The protocols also turn out to be poorly designed and incomplete, and some fancy footwork has been needed to paper over some of the gaps. One problem we do have is that we want to provide real security, and IPSec provides far too many flavors of fake security (56-bit DES being among them). There are also all the problems of building really secure systems: encryption is just the first step. Our long-term goal is to get most Internet traffic encrypted.
Henry Spencer

Henry Spencer (henry@spsystems.net) got his B.Sc at University of Saskatchewan and his M.Sc at University of Toronto, and worked as a UNIX systems programmer at University of Toronto for a number of years before becoming an independent consultant and author. His system was the first Usenet site in Canada. He is well-known as a Usenet contributor in many areas, notably the space and C groups. He and Geoff Collyer wrote C News, and more recently he and David Lawrence wrote "Managing Usenet" for O'Reilly. He has written various freely available software packages, including several regular-expression libraries, and is currently technical lead for the Linux FreeS/WAN project.
© 2000 Linux Symposium. All Rights Reserved.