Communications Security

  In an increasingly networked environment, communications security support in an OS is extremely important. As there are different mechanisms and different layers where one may apply security, OpenBSD supports a number of security protocols and mechanisms, some of which were developed (or even designed) by our developers. In some cases, there is considerable overlap in functionality. One of our goals is to eventually make it transparent to the end user which such security mechanism is in use.

The following sections give a brief overview of these mechanisms, some detail of their implementation and integration in OpenBSD, and our plans for future work. As we already mentioned in section 1, we consider IPsec an extremely important tool in network security, both because of its potential for user-transparency and its flexibility. This is reflected by the more thorough coverage of IPsec in the text that follows.

Other popular mechanisms, such as SSH [38], are not covered because they are only part of our ports system. While virtually all the developers use SSH, there is no free implementation we can add to our standard distribution. Furthermore, the current version of SSH is restricted by the RSA patent in the US. We are waiting for a free implementation to become available as part of the IETF standardization process of SSH. Such an implementation would be linked with our libssl.