
IPSEC Agenda



Paul, I've been experimenting with a SWIPE-like IP security protocol
within my own TCP/IP package (KA9Q NOS) for the past several weeks.
Key management is currently manual, but it fully supports either
end-to-end or "encryption gateway" style operations.  You can
configure it to either encrypt (with DES-CBC), authenticate (with
keyed MD5), or both, individual datagrams on a per-host-pair basis.
I'm currently using it to encrypt much of the traffic over my dialup
slip link between home and work.

I'd like to have a chance to talk about this as "work in progress" at
the IPSEC meeting.

The more I experiment with this, the more I'm convinced that the
actual security packet header formats are not nearly as important as
the many issues surrounding how to cleanly integrate an IP-level
security protocol into the existing Internet architecture and into
existing software implementations. Even though standards bodies are
nominally not supposed to discuss implementation details, I think it
useful to look at "case studies" in order to gain insights into
broader issues that are definitely relevant to whatever standards
we produce.

Phil


