Upon doing some investigation, I have found that the SKIPJACK IPsec
encryption mode was never standardized. It was a draft[1] back in
1999, but never made into an offical RFC, and IANA nor IETF never
assigned an offical number for the mode.
Skipjack is also a very weak cipher[2]. The largest key it supports is
80bits, which is really too weak for modern usage.
FreeBSD's setkey doesn't support manually keying skipjack, so this
means it depends upon a daemon to configure it.
It looks like NetBSD has it at the same value (250) as FreeBSD, but
OpenBSD has it at 249. So there may be interoperability issues with
it.
I would like to remove it from HEAD immediately as I don't see a use
for it. Some time ago I proposed removing Skipjack from the OCF
in 12, but personally, now that I think about how long 12 is, we
deprecate these sooner rather than later.
P.S. If you want to keep this mode, you have to say you are currently
using the mode and include a working sample config.
Thanks.
[1] https://tools.ietf.org/html/draft-ietf-ipsec-skipjack-cbc-00
[2] https://en.wikipedia.org/wiki/Skipjack_(cipher)
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."