We haven't kept proper track of everybody who has helped us, alas, but here's a first attempt at acknowledgements... Most of the FreeS/WAN software has been done by Richard Guy Briggs (KLIPS), D. Hugh Redelmeier (Pluto), Michael Richardson (technical lead, KLIPS, testing, etc.), Henry Spencer (past technical lead, scripts, libraries, packaging, etc.), Sandy Harris (documentation), Claudia Schmeing (support, documentation), and Sam Sgro (support, releases). Peter Onion has collaborated extensively with RGB on PFKEY2 stuff. The original version of our IPComp code came from Svenning Soerensen, who has also contributed various bug fixes and improvements. The first versions of Pluto were done by Angelos D. Keromytis . The MD2 implementation is from RSA Data Security Inc., so this package must include the following phrase: "RSA Data Security, Inc. MD2 Message Digest Algorithm" It is not under the GPL; see details in programs/pluto/md2.c. The MD5 implementation is from RSA Data Security Inc., so this package must include the following phrase: "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm". It is not under the GPL; see details in linux/net/ipsec/ipsec_md5c.c. The PKCS#11 header files in programs/pluto/rsaref/ are from RSA Security Inc., so they must include the following phrase: "RSA Security Inc. PKCS#11 Cryptographic Token Interface (Cryptoki)". The headers are not under the GPL; see details in programs/pluto/rsaref/pkcs11.h. The LIBDES library by Eric Young is used. It is not under the GPL -- see details in libdes/COPYRIGHT -- although he has graciously waived the advertising clause for FreeS/WAN use of LIBDES. The SHA-1 code is derived from Steve Reid's; it is public domain. Some bits of Linux code, notably drivers/net/new_tunnel.c and net/ipv4/ipip.c, are used in heavily modified forms. The lib/pfkeyv2.h header file contains public-domain material published in RFC 2367. Delete SA code and Notification messages were contributed by Mathieu Lafon. He also implemented the vital NAT traversal support. Peter Onion has been immensely helpful in finding portability bugs in general, and in making FreeS/WAN work on the Alpha in particular. Rob Hatfield likewise found and fixed some problems making it work on the Netwinder. John S. Denker of AT&T Shannon Labs has found a number of bugs the hard way, has pointed out various problems (some of which we have fixed!) in using the software in production applications, and has suggested some substantial improvements to the documentation. Marc Boucher did a quick-and-dirty port of KLIPS to the Linux 2.2.x kernels, at a time when we needed it badly, and has helped chase down 2.2.xx bugs and keep us current with 2.4.x development. John Gilmore organized the FreeS/WAN project and continues to direct it. Hugh Daniel handles day-to-day management, customer interface, and both constructive and destructive testing. See the project's web page for other contributors to this project and related ones. Herbert Xu ported the FreeS/WAN code to the native IPsec stack of the Linux 2.6 kernel. Kai Martius added initial support of OpenPGP certificates. Andreas Steffen introduced the support of X.509 certificates in 2000 and has been both maintaining the X.509 code and adding extensions to it ever since. Andreas Hess, Patric Lichtsteiner, and Roger Wegmann implemented the the initial X.509 certificate support, relying on Kai Martius's work. Marco Bertossa and Andreas Schleiss implemented the verification of the X.509 chain from the peer certificate up to the root CA. Ueli Galizzi and Ariane Seiler did the original work on the support of attribute certificates. Martin Berner and Lukas Suter implemented the definition of group attributes and dynamic fetching of attribute certificates. Christoph Gysin and Simon Zwahlen implemented PKCS#15-based smartcard suppport and contributed a fully operational OCSP client. David Buechi and Michael Meier implemented the PKCS#11 smartcard interface. The support of port and protocol selectors was based on Stephen J. Bevan's original work. Stephane Laroche donated the original LDAP and HTTP fetching code based on pthreads. JuanJo Ciarlante introduced the modular support of alternative encryption and authentication algorithms (AES, Serpent, twofish, etc). The ipsec starter is based on Mathieu Lafon's original work. Jan Hutter and Martin Willi developed the scepclient which fully supports Cisco's Simple Certificate Enrollment Protocol (SCEP). Tobias Brunner and Daniel Roethlisberger implemented NAT traversal and dead peer detection for the IKEv2 keying daemon. Daniel Wydler implemented the integrity test of the libstrongswan code using the FIPS_canister code from the OpenSSL-FIPS project.