On Tue, Jun 13, 2006 at 08:43:16AM -0600, Theo de Raadt wrote:
[snip]
And if you continue baiting me, I will delete the driver from our
source tree.
Here is my conclusion on this.
OpenBSD is the MOST secure OS on the planet and no one can dispute that.
PF is also the most secure firewall as well. No question there either.
So, why IT people use OpenBSD you think?
What are these same IT persons are doing for a leaving. Installing,
maintaining, recommending firewalls and hardware. Doing it at customers
sites. Talking to other IT person, making a leaving at it, etc!
Where do they communicate their informations, finding, complains,
success you think? Here!
Where do they look for the proper hardware to use. Here?
The bottom line, IT people use OpenBSD for what it excel at!
Where are "crypto accelerators" cards use you think?
Who will install them, buy them, use them, recommend them, support them?
Answer left for the reader....
What is asked is nothing compare to the benefit Hifn can get.
To finish, as far as I am concern, remove the driver for Hifn cards.
Why, well for the same reason I use OpenBSD. It's secure and stable! If
I can't get a "crypto accelerators card" that is secure, stable and
supported properly on my firewall, I don't want it and I sure don't want
to think twice about it. I don't want a possible security holes in my
firewalls, or customers firewall because something might not be
understood properly for the lack of documentations to support it. There
is other choices available. So be it.
See, I am lazy and like sales guys, I like to sleep at night! Not think
any firewall I am responsible for might be compromise because of a bad
drivers. Sorry, I value my time as well!
Hifn needs to understand it's market, users, supporters and obviously
they do not.
The same policy should apply here as it does for the OS at large.
Release when ready!
Adaptec was removed and we are better off and have more reliable
solutions now. So be it with Hifn crypto accelerators until they do.
Regards,
Daniel
