Linux FreeS/WAN provides IPSEC (IP Security, which is both encryption and authentication) kernel extensions and an IKE (Internet Key Exchange, keying and encrypted routing) daemon, as well as various rc scripts and documentation. It is known to interoperate with other IPSEC and IKE systems already deployed by other vendors such as OpenBSD, Cisco, or CheckPoint. It also features Opportunistic Encryption and subnet extrusion, and with the appropriate patches interoperates nicely with Microsoft Windows XP/2000 using X.509 certificates.
Openswan is an implementation of IPsec (IP Security). It is a code continuation of the defunct FreeS/WAN project. Openswan provides IPSEC kernel extensions (for encryption and authentication) and an IKE daemon (for Internet key exchange and encrypted routing), as well as various rc scripts. It features Opportunistic Encryption, subnet extrusion, X.509 certificates, NAT Traversal support, XAUTH, Enterprise L2TP, and DNSSEC support. Currently, work is being done on asynchronous crypto hardware accelerator support and a Mac OS X port.
Some problems with "shared caches"
It seems people are overlooking a few problems. The static vs dynamic issue will
not get worse. Most large ISPs already do transparent proxying, where this issue
comes up as well. However, they tend to (and should) not cache script stuff. I,
for one, would not like to share my online banking cache results :) So there
should be ways to make sure some browsing data does NOT get into the shared
cache. One step might be to never put SSL stuff in there, but whether people like
it or not, with all the government rules abroad and abound, the net is going to
become crypto very fast, defeating a lot of these strategies. And giving the user
an option to share or not share certain sites is just what you do not want to
burden the average end user with, because they'll just share nothing (or that option
has to be the default from a security point of view).
Second, I'm not sure how the Freenet protocol works exactly, but I wouldn't like
others to ask my Freenet client/shared cache exclusively. That will allow them to
build up my user profile. Right now, we have enough cookies and 1 pixel banners
to worry about, we don't need yet another privacy invasion.
To come back to the slashdot effect, one poster had a good remark. Let slashdot
ask a site before posting whether or not they can suck a static copy of the content
and offer a "local mirror" option on their site (that might even hook to become
default as slashdot itself notices the remote site has gone down). Though I think
this would add quite a load on the slashdot servers, esp. when posting about
small sites (I think they might actually already at times not post a 'funny link' to
a site just to prevent the site from being wrecked).