[src/trunk]: src/distrib/notes/common Note the replacement of kame_ipsec by f...

[riz <riz%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/53505a58ecee
branches:  trunk
changeset: 781967:53505a58ecee
user:      riz <riz%NetBSD.org@localhost>
date:      Wed Oct 10 17:55:16 2012 +0000

description:
Note the replacement of kame_ipsec by fast_ipsec;  this change was
originally submitted as a patch to the netbsd-6 branch, but should have
been committed on the trunk first.

diffstat:

 distrib/notes/common/main |  17 ++++++++++++++++-
 1 files changed, 16 insertions(+), 1 deletions(-)

diffs (38 lines):

diff -r 379bed910aa2 -r 53505a58ecee distrib/notes/common/main
--- a/distrib/notes/common/main Wed Oct 10 17:49:50 2012 +0000
+++ b/distrib/notes/common/main Wed Oct 10 17:55:16 2012 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: main,v 1.490 2012/10/10 16:08:14 apb Exp $
+.\"    $NetBSD: main,v 1.491 2012/10/10 17:55:16 riz Exp $
 .\"
 .\" Copyright (c) 1999-2012 The NetBSD Foundation, Inc.
 .\" All rights reserved.
@@ -504,6 +504,15 @@
 .Xr groff 1
 can still be found in pkgsrc as
 .Pa textproc/groff .
+.It
+.Xr kame_ipsec 4
+has been replaced by
+.Xr fast_ipsec 4 .
+The option to use the old implementation (see
+.Xr options 4 )
+will be removed in the next
+.Nx
+release.
 .bullet)
 .
 .Ss "The NetBSD Foundation"
@@ -751,6 +760,12 @@
 .Xr sysctl 8
 command or through
 .Xr sysctl.conf 5 .
+.Pp
+The implementation of SHA2-HMAC in KAME_IPSEC as used in NetBSD-5
+and before did not comply to current standards.
+FAST_IPSEC does, with the result that old and new systems cannot
+communicate over IPSEC, if one of the affected authentication
+algorithms (hmac_sha256, hmac_sha384, hmac_sha512) is used.
 .
 .Ss2 Issues affecting an upgrade from NetBSD 4.x releases
 .Pp