Since one of our goals in the OpenBSD project is to provide strong security, we have implemented a number of protocols and services in the base system. An OpenBSD distribution thus has full support for such mechanisms as IPsec, SSL, Kerberos, etc., being unaffected by export restriction laws.
Simply supporting these mechanisms, however, is not sufficient for widespread use. We are constantly trying to make their use as easy as possible and, where possible, transparent to the end user. Thus, more work is done on those mechanisms that can be used to provide transparent security, e.g., IPsec.
With this paper, we intend to give a good overview of the cryptography currently distributed and used in OpenBSD, and of our plans for future work. We hope this will be of interest both to end users and administrators looking for better ways to protect their hosts and networks, and to developers of other systems (free or otherwise) who are considering supporting some of these mechanisms. We should again caution readers, however, that cryptography does not solve all security problems in an operating system, and should not be considered an end in itself, but rather an important piece of the security puzzle.