Microsoft files EU Android complaint

[D. Hugh Redelmeier]

| From: James Knott <james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org>

| Further on this.  A router would generally use IPSec only for VPNs and a VoIP
| would only use it for encrypting calls.

IPSec can be deployed on gateways, making the LAN behind them
available, or it can be run on the host itself.

An application is unlikely to be able to conveniently make requests of
a gateway.  The API I mentioned would only be for talking to IPSec on
the host itself.

VPN is what IPSec was designed for, in many peoples' minds.  It wasn't
what we were aiming for.  We wanted each flow that could be protected
to be protected, opportunistically.  I repeat, that's not a VPN but it
does fit into IPSec (we took part in the IETF process to make sure).
And it is perfect for VoIP.

|   Is
| there a library that can be called for either use?  On my computer, I see the
| StrongSWAN package includes strongswan-libs0, which provides the strongswan
| library and plugins.

I don't know much about strongSwan.

I don't even know as much as I'd like to about Libreswan.

Libreswan seems to interoperate with iPhones (I've seen it).  But I
don't think that that is Opportunistic since iOS uses Raccoon and that
doesn't do OE.  The tunnels are built on demand, but I think that they
have to be prearranged.

Getting Libreswan to interoperate with iOS required supporting another
few "options": ESP over UDP (to deal with NAT, I think), and IKE
fragmentation (not standardized; partially documented in a file found
on a Microsoft server; needed to work around broken firewalls that
discard (legally) fragmented UDP).  And some other things I don't
understand.  What a mess.

|  Might there be something in there that could be called
| by a VoIP app for encrypting a call?

I don't know.
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists