
Re: our "secure ip" protocol



	 I have been working on IP-level security with Matt Blaze and Phil
	 Karn, and it is at a stage where we can present it to the community.

	 We have developed swIPe (note the typography), a network-level
	 security protocol for IP. swIPe provides IP-level authentication and
	 encryption (A&E), and cleanly separates A&E mechanism (the protocol
	 itself) from key management and policy enforcement.

	 We have built a prototype implementation of swIPe which runs under
	 SunOS and Mach, using DES for encryption, MD5 for authentication, a
	 simple key management scheme, and IPIP encapsulation for the actual
	 transmission. We hope to give a demo (hardware permitting) at the
	 upcoming IETF in Columbus. An Internet-Draft is also in the making.

	 Can we have a slot at the ipsec WG meeting at the Columbus IETF to
	 present this work?

At Interop, there were at least two vendors showing IP-level encryptors,
UUNET and Xerox Semaphore.  Both use DES chips to do the encryption.
Currently, the UUNET device uses a floppy for rekeying, while the
Xerox unit uses RSA and dynamic session key generation between pairs
of encryptors.

			--Steve Bellovin