[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: our "secure ip" protocol
I have been working on IP-level security with Matt Blaze and Phil
Karn, and it is at a stage where we can present it to the community.
We have developed swIPe (note the typography), a network-level
security protocol for IP. swIPe provides IP-level authentication and
encryption (A&E), and cleanly separates A&E mechanism (the protocol
itself) from key management and policy enforcement.
We have built a prototype implementation of swIPe which runs under
SunOS and Mach, using DES for encryption, MD5 for authentication, a
simple key management scheme, and IPIP encapsulation for the actual
transmission. We hope to give a demo (hardware permitting) at the
upcoming IETF in Columbus. An Internet-Draft is also in the making.
Can we have a slot at the ipsec WG meeting at the Columbus IETF to
present this work?
At Interop, there were at least two vendors showing IP-level encryptors,
UUNET and Xerox Semaphore. Both use DES chips to do the encryption.
Currently, the UUNET device uses a floppy for rekeying, while the
Xerox unit uses RSA and dynamic session key generation between pairs
of encryptors.
--Steve Bellovin