Swan: Securing the Internet against Wiretapping
My project for 1996
was to secure 5% of the Internet traffic against passive wiretapping.
It didn't happen in 1996, so I'm still working on it in 1997, 1998, and 1999!
If we get 5% in 1999 or 2000, we can
secure 20% the next year, against both active and passive attacks; and
80% the following year. Soon the whole Internet will be private and secure.
The project is called S/WAN or S/Wan or Swan for Secure Wide Area Network;
since it's free software, we call it FreeSwan to distinguish it from
various commercial implementations.
RSA came up with the term "S/WAN".
Our main web site is at
Want to help?
by FreeS/WAN project founder John Gilmore
The idea is to deploy PC-based boxes
that will sit between your local area network and
the Internet (near your firewall or router) which opportunistically
encrypt your Internet packets. Whenever you talk to a
machine (like a Web site)
that doesn't support encryption, your traffic goes out "in the
clear" as usual. Whenever you connect to a machine that does support this
kind of encryption, this box automatically encrypts all your packets,
and decrypts the ones that come in. In effect, each packet gets put into
an "envelope" on one side of the net, and removed from the envelope when
it reaches its destination. This works for all kinds of Internet
traffic, including Web access, Telnet, FTP, email, IRC, Usenet, etc.
The encryption boxes are standard PC's that use
freely available Linux software that you can download over the Internet
or install from a cheap CDROM.
This wasn't just my idea; lots of people have been working on it for years.
The encryption protocols for these boxes are called
IPSEC (IP Security).
They have been developed by the
IP Security Working Group of the
Internet Engineering Task Force,
be a standard part of the next major version of the Internet protocols
For today's (IP version 4) Internet, they are an option.
Internet Architecture Board and
Internet Engineering Steering Group
have taken a
strong stand that the Internet should use
powerful encryption to provide security and privacy. I think these protocols
are the best chance to do that, because they can be deployed very easily,
without changing your hardware or software or retraining your users.
They offer the best security we know how to build, using the Triple-DES,
RSA, and Diffie-Hellman algorithms.
This "opportunistic encryption box" offers the "fax effect". As each
person installs one for their own use, it becomes more valuable for their
neighbors to install one too, because there's one more person to use
it with. The software automatically notices each newly installed box,
and doesn't require a network administrator to reconfigure it. Instead of
"virtual private networks" we have a "REAL private network"; we add
privacy to the real network instead of layering a manually-maintained
virtual network on top of an insecure Internet.
Deployment of IPSEC
The US government would like to control the deployment of IP Security with
crypto export laws.
This isn't a problem for my effort, because
the cryptographic work is happening outside the United States. A foreign
philanthropist, and others, have
donated the resources required to add these protocols
to the Linux operating system.
is a complete, freely available
operating system for IBM PC's and several kinds of workstation, which
is compatible with Unix. It was written by Linus Torvalds, and is still
maintained by a talented team of expert programmers working
all over the world and coordinating over the Internet. Linux is distributed
GNU Public License,
which gives everyone the right to copy it,
improve it, give it to their friends, sell it commercially, or do just
about anything else with it, without paying anyone for the privilege.
Organizations that want to secure their
network will be able to put two Ethernet cards into an IBM PC, install
Linux on it from a $30 CDROM or by downloading it over the net, and
plug it in between their Ethernet and their Internet link or firewall.
That's all they'll have to do to encrypt their Internet traffic everywhere
outside their own local area network.
Travelers will be able to run Linux on their
laptops, to secure their connection back to their home network (and to
everywhere else that they connect to, such as customer sites).
Anyone who runs Linux on a standalone PC will also be able to secure their
network connections, without changing their application software or
how they operate their computer from day to day.
There will also be numerous commercially available firewalls that use
RSA Data Security
is coordinating the
S/Wan (Secure Wide Area Network)
project among more than a dozen vendors who use these protocols. There's a
that shows which vendors have tested their boxes
against which other vendors to guarantee interoperatility.
Eventually it will also move into the operating systems
and networking protocol stacks of major vendors. This will probably take
longer, because those vendors will have to figure out what they want to do
about the export controls.
My initial goal of securing 5% of the net by Christmas '96 was not met.
It was an ambitious goal, and inspired me and others to work hard, but was
ultimately too ambitious. The protocols were in an early stage
of development, and needed a lot more protocol design before
they could be implemented. As of April 1999, we have released
version 1.0 of the software
which is suitable for setting up Virtual Private Networks using
shared secrets for authentication. It does not yet do
opportunistic encryption, or use DNSSEC for authentication; those
features are coming in a future release.
The low-level encrypted packet formats are defined. The system for
publishing keys and providing secure domain name service is defined.
The IP Security working group has settled on an NSA-sponsored protocol
for key agreement (called ISAKMP/Oakley), but it is still being worked
on, as the protocol and its documentation is too complex and incomplete.
There are prototype implementations of ISAKMP. The protocol
is not yet defined to enable opportunistic encryption or the use of
- Linux Implementation
The Linux implementation has reached its first major release
and is ready for production use in manually-configured networks,
using Linux kernel version 2.0.36.
- Domain Name System Security
There is now a release of BIND 8.2 that includes most DNS Security
The first prototype implementation of Domain Name System Security was
as part of their
Information Survivability program.
Trusted Information Systems
wrote a modified version of
the widely-used Berkeley implementation of the Domain Name System.
TIS, ISC, and I merged the prototype into the standard version of BIND.
production version that supports KEY and SIG records is bind-4.9.5.
or any later version of BIND will do for publishing keys. It is available
Internet Software Consortium.
This version of BIND is not export-controlled since it does
not contain any cryptography. Later releases starting with BIND 8.2
include cryptography for authenticating DNS records, which is also
exportable. Better documentation is needed.
Because I can. I have made enough money from several
successful startup companies, that for a while
I don't have to work to support myself.
I spend my energies and money creating the kind of world
that I'd like to live in and that I'd like my (future) kids to live in.
Keeping and improving on the civil rights
we have in the United States, as we move more of our lives into
cyberspace, is a particular goal of mine.
What You Can Do
Would you like to help? I can use people who
are willing to write documentation, install early releases for testing,
write cryptographic code outside the United States, sell pre-packaged
software or systems including this technology, and teach classes
for network administrators who want to install this technology.
To offer to help, send me email at email@example.com. Tell me what country
you live in and what your citizenship is (it matters due to the
export control laws; personally I don't care). Include a copy of your
resume and the URL of your home page. Describe what you'd like to do
for the project, and what you're uniquely qualified for. Mention what
other volunteer projects you've been involved in (and how they worked out).
Helping out will require that you be able to commit to doing particular things,
meet your commitments, and be responsive by email. Volunteer projects
just don't work without those things.
- Install the latest BIND at your site.
You won't be able to publish any keys for your domain, until you
have upgraded your copy of BIND. The thing you really need from
it is the new version of named, the Name Daemon, which knows
about the new KEY and SIG record types. So, download it from the
Internet Software Consortium
and install it on your name server
machine (or get your system administrator, or Internet Service Provider,
to install it). Both your primary DNS site and all of your secondary
DNS sites will need the new release before you will be able to publish
your keys. You can tell which sites this is by running the Unix
command "dig MYDOMAIN ns" and seeing which sites are mentioned in your
NS (name server) records.
- Set up a Linux system and run a 2.0.x kernel on it
Get a machine running Linux (say the 5.2 release from
Give the machine two Ethernet cards.
- Install the Linux IPSEC (Freeswan) software
If you're an experienced sysadmin or Linux hacker, install
the freeswan-1.0 release, or any later release or snapshot.
do NOT provide automated "opportunistic" operation; they must
be manually configured for each site you wish to encrypt with.
- Get on the linux-ipsec mailing list
The discussion forum for people working on the project, and testing
the code and documentation, is: firstname.lastname@example.org.
To join this mailing list, send email to
containing a line of text that says "subscribe linux-ipsec".
(You can later get off the mailing list the same way -- just
send "unsubscribe linux-ipsec").
- Check back at this web page every once in a while
I update this page periodically, and there may be new information
in it that you haven't seen. My intent is to send email to the mailing
list when I update the page in any significant way, so subscribing
to the list is an alternative.
- IPSEC for NetBSD
This prototype implementation of the IP Security protocols is for another
free operating system.
- IPSEC for OpenBSD
This prototype implementation of the IP Security protocols is for yet another
free operating system. It is directly integrated into the OS release, since
the OS is maintained in Canada, which has freedom of speech in software.
my home page
An equal opportunistic encryptor.