We haven't kept proper track of everybody who has helped us, alas, but
here's a first attempt at acknowledgements...
Most of the FreeS/WAN software has been done by Richard Guy Briggs
(KLIPS), D. Hugh Redelmeier (Pluto), Michael Richardson (technical lead,
KLIPS, testing, etc.), Henry Spencer (past technical lead, scripts,
libraries, packaging, etc.), Sandy Harris (documentation), Claudia
Schmeing (support, documentation), and Sam Sgro (support, releases).
Peter Onion has collaborated extensively with RGB on PFKEY2 stuff. The
original version of our IPComp code came from Svenning Soerensen, who has
also contributed various bug fixes and improvements.
The first versions of Pluto were done by Angelos D. Keromytis
The MD2 implementation is from RSA Data Security Inc., so this package must
include the following phrase: "RSA Data Security, Inc. MD2 Message Digest
Algorithm" It is not under the GPL; see details in programs/pluto/md2.c.
The MD5 implementation is from RSA Data Security Inc., so this package must
include the following phrase: "derived from the RSA Data Security, Inc.
MD5 Message-Digest Algorithm". It is not under the GPL; see details in
The PKCS#11 header files in programs/pluto/rsaref/ are from RSA Security Inc.,
so they must include the following phrase: "RSA Security Inc. PKCS#11
Cryptographic Token Interface (Cryptoki)". The headers are not under the GPL;
see details in programs/pluto/rsaref/pkcs11.h.
The LIBDES library by Eric Young is used. It is not under the GPL -- see
details in libdes/COPYRIGHT -- although he has graciously waived the
advertising clause for FreeS/WAN use of LIBDES.
The SHA-1 code is derived from Steve Reid's; it is public domain.
Some bits of Linux code, notably drivers/net/new_tunnel.c and net/ipv4/ipip.c,
are used in heavily modified forms.
The lib/pfkeyv2.h header file contains public-domain material published in
Delete SA code and Notification messages were contributed by Mathieu Lafon.
He also implemented the vital NAT traversal support.
Peter Onion has been immensely helpful in finding portability bugs in
general, and in making FreeS/WAN work on the Alpha in particular. Rob
Hatfield likewise found and fixed some problems making it work on the
John S. Denker of AT&T Shannon Labs has found a number of bugs the hard
way, has pointed out various problems (some of which we have fixed!) in
using the software in production applications, and has suggested some
substantial improvements to the documentation.
Marc Boucher <email@example.com> did a quick-and-dirty port of KLIPS to the
Linux 2.2.x kernels, at a time when we needed it badly, and has helped
chase down 2.2.xx bugs and keep us current with 2.4.x development.
John Gilmore organized the FreeS/WAN project and continues to direct it.
Hugh Daniel handles day-to-day management, customer interface, and both
constructive and destructive testing. See the project's web page
<http://www.freeswan.org> for other contributors to this project and
Herbert Xu ported the FreeS/WAN code to the native IPsec stack
of the Linux 2.6 kernel.
Kai Martius added initial support of OpenPGP certificates.
Andreas Steffen introduced the support of X.509 certificates in 2000
and has been both maintaining the X.509 code and adding extensions
to it ever since.
Andreas Hess, Patric Lichtsteiner, and Roger Wegmann implemented the
the initial X.509 certificate support, relying on Kai Martius's work.
Marco Bertossa and Andreas Schleiss implemented the verification of
the X.509 chain from the peer certificate up to the root CA.
Ueli Galizzi and Ariane Seiler did the original work on the support
of attribute certificates.
Martin Berner and Lukas Suter implemented the definition of group
attributes and dynamic fetching of attribute certificates.
Christoph Gysin and Simon Zwahlen implemented PKCS#15-based
smartcard suppport and contributed a fully operational OCSP client.
David Buechi and Michael Meier implemented the PKCS#11 smartcard
The support of port and protocol selectors was based on Stephen J.
Bevan's original work.
Stephane Laroche donated the original LDAP and HTTP fetching code
based on pthreads.
JuanJo Ciarlante introduced the modular support of alternative
encryption and authentication algorithms (AES, Serpent, twofish, etc).
The ipsec starter is based on Mathieu Lafon's original work.
Jan Hutter and Martin Willi developed the scepclient which fully
supports Cisco's Simple Certificate Enrollment Protocol (SCEP).
Tobias Brunner and Daniel Roethlisberger implemented NAT traversal and
dead peer detection for the IKEv2 keying daemon.
Daniel Wydler implemented the integrity test of the libstrongswan code
using the FIPS_canister code from the OpenSSL-FIPS project.