[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSEC Minutes - December 1994
CURRENT MEETING REPORT
Reported by Paul Lambert/Motorola
Minutes of the IP Security Working Group (IPSEC)
The IP Security (IPSEC) working group met three times during the 31st IETF.
The first meeting focused on the development of the IP Security Protocol
(IPSP) specification. The next two sessions covered the development of the
Internet Key Management Protocol (IKMP).
IP Security Protocol (IPSP)
The IPSP draft-in-progress was discussed with some debate on specific PDU
format issues. Rough consensus was reached on the encapsulation techniques
and formats. The baseline security transformations for IPSP will place the
Next Protocol, PAD Length, and optional PAD fields at the end of the
protected data. These formats will be documented and released late in
December as a draft IPSP specification.
Jim Hughes (NSC) gave a short presentation on an implementation of a network
layer security device. This system used an ethertype field rather than an IP
next protocol field and provided sequence integrity and packet compression.
Internet Key Management Protocol (IKMP)
Seven presentations were given (Monday and Wednesday) on specific key
management approaches and proposals.
o SESAME V3
o "IEEE Standard 802.10C - Key Management"
IEEE 802.10C
o "Modular Key Management Protocol (MKMP)"
(draft-cheng-modular-ikmp-00.txt)
o "Simple Key-Management For Internet Protocols (SKIP)"
(draft-ietf-ipsec-aziz-skip-00.txt)
o "Photuris Key Management Protocol"
(draft-karn-photuris-00.txt)
o "Group Key Management Protocol (GKMP)"
(draft-harney-gkmp-spec-00.txt,
draft-harney-gkmp-arch-00.txt)
o "Yet Another Key Management Proposal (YAKMP)"
(http://www.network.com/external/news_releases/security.shtml)
A presentation on SESAME V3 was given by Piers V McMahon (ICL Enterprises).
SESAME V3 provides an approach for the interoperability of asymmetric and
symmetric systems - in particular Kerberos and RSA. SESAME V3 KM protocol
appears to have similar scope to the key management work in IEEE 802.10.
This presentation was informational and no proposal was made to directly use
SESAME V3 as IKMP.
Russ Housley (Spyrus) gave a presentation on the IEEE 802.10C Key Management
specification. The latest version of IEEE 802.10C is available on line (ftp
from atlas.arc.nasa.gov in two files /pub/sils/kmpd6.ps1 and kmpd6.ps2) IEEE
802.10C uses the ISO Generic Upper Layer Security (GULS) specification, the
OSI Upper Layer Architecture, and the ACSE protocol. Concern was expressed
about the complexity of the GULS specification, but this concern was
counteracted when Russ indicated that the specification would be rewritten in
Internet style if the IETF adopted IEEE 802.10c. IEEE 802.10c was the most
complete specification presented at the meeting. It provides a generic
framework for key management, but does not currently provide a worked example
of the cryptographic processing.
The Modular Key Management Protocol (MKMP) was presented by Amir Herzberg
(IBM). MKMP has been documented as an I-D (draft-cheng-modular-ikmp-00.txt)
as a specific proposal for IKMP. MKMP proposes a modular approach with an
upper module in which a long-lived (``master'') key is exchanged between the
communicating parties, and a lower module, in which the already shared
(master) key is used for the derivation, sharing and/or refreshment of
additional short-lived keys to be used for the cryptographic transformations
applied to the data. Some of the techniques in this proposal are covered by
IBM patents. IBM is working to grant "royalty-free right" to use of US
Patent #5,148,479 "if the IBM proposal is included in the final Internet
standard" and "parties who commit to grant IBM rights of similar scope under
their patents that relate to the Internet standard in question."
Ashar Aziz (Sun Microsystems, Inc.) presented a "Simple Key-Management For
Internet Protocols" (SKIP). SKIP is available as an Internet-Draft (draft-
ietf-ipsec-aziz-skip-00.txt). SKIP was designed to solve a specific
multicast scenario. The demonstration implementation of SKIP was running a
video application. SKIP provides a means to create a key with a unique "one-
way" key establishment. SKIP does not provide any attribute negotiation. A
patent has been applied for by SUN on the SKIP mechanism, but SUN has taken a
position that: "The SKIP patents (when they issue) will be placed in the
public domain. Anyone may use it if they wish, with no rights or dues
pertaining to Sun. There will be no need to license SKIP patent rights."
Phil Karn (Qualcomm) presented "Photuris and IKMP Requirements". Photuris is
an experimental protocol that Photuris is an experimental key management
protocol intended for use with the IP Security Protocol (IPSP) in a point-to-
point mode. Photuris combines Diffie-Hellman key exchange with RSA
authentication to provide perfect forward secrecy and is also designed to
thwart certain types of active denial of service attacks on host resources.
Photuris exchanges a "cookie" before initiating public-key operations,
thwarting the saboteur from flooding the recipient using random IP source
addresses. Photuris also provides anonymity for the identities of the peer
systems. The flooding prevention and anonymity requirements were well
received by the working group.
The "Group Key Management Protocol" (GKMP) was described by Carl Muckenhirn.
GKMP is being submitted to the Working Group for consideration as a method of
key management for multicast internet services and is documented in two
Internet-Drafts (draft-harney-gkmp-spec-00.txt, draft-harney-gkmp-arch-
00.txt). The GKMP architecture describes the management of cryptographic
keys for multicast communications. GKMP provides the ability to create and
distribute keys within arbitrary-sized groups without the intervention of a
global/centralized key manager. The GKMP combines techniques developed for
creation of pairwise keys with techniques used to distribute keys from a KDC
(i.e., symmetric encryption of keys) to distribute symmetric key to a group
of hosts.
Jim Hughes (Network Systems Corporation) gave a presentation on "Yet Another
Key Management Proposal". The signaling used by NSC in their secure router
product was described. The device uses RSA for authentication, Diffie-
Hellman for key exchange, a number of symmetric ciphers, MD5 for data
integrity and also provides data compression. NSC provided detailed
descriptions of their design and stated that they intend to follow the
recommendations and implement the results of the IPSEC working group.
(http://www.network.com/external/news_releases/security.shtml)
IKMP Discussion and Issues
A group discussion on the various proposals focused on a matrix of comparison
criteria. These criteria included: Published Internet-Draft, Key Exchange
Independence, Worked Public Key Based Key Exchange, Public Key Methods,
Symmetric Key Methods, Attribute Negotiations (for SA, and during which
phase?), Application Protocol (not Built into IPSP), Multicast Support,
Defeat Bogus Initiates, Hiding Certificates Exchanged (Encrypting), Working
Code / Implementation, Security Management Protocol (versus just session key
establishment), one-way exchange, perfect forward secrecy, RSAREF
implementable, performance, and revocation.
Evaluation of the proposal features will be discussed on the net by
evaluating and ranking IKMP requirements. The work on IKMP will focus over
the next period on the comparison and consolidation of the proposals.
Attendees of December 1994 IPSEC Working Group Meetings
Ran Atkinson atkinson@itd.nrl.navy.mil
Werner Atmesher atmesher@di.epf7.ch
Madelyn Badger Madelyn@hs.com
Ward Bathrick ward@mls.hac.com
Doug Bayer dbayer@microsoft.com
Shaun Bharrat bharrat@dss.com
Kym Blair kdblair@dockmaster.ncsc.mil
Eric Blossom eb@comsec.com
Uri Blumenthal uri@watson.ibm.com
Ed Brencovich edb@dss.com
Tip Brisco brisco@rutgers.edu
David Carrel carrel@crisco.com
Brett Chappell bchappe@relay.nswc.navy.mil
Pau-Chan Cheng pau@watson.ibm.com
Corwin corwin@asylum.sf.ca.us
Hadmut Danisch danisch@isa.uka.de
Whitfield Diffie whitfield.diffie@eng.sun.com
Dale Drew ddrew@mci.net
Steve Dussse Steve@rsa.com
Donald Eastlake Dee@lkg.dec.com
Greg Edwards edwardsg@lmsc.lockheed.com
Mark Eichin eichin@cygnus.com
David Ferenz Dferenz@shl.com
Antonio Fernandez afa@bellcore.com
Rich Fox kck@netcom.com
Craig Fox craig@ftp.com
Barbara Fraser byf@cert.org
Jerome Freedman Jr. jfjr@mbunix.mitre.org
Dan Frommer danf@radmail.rad.co.il
Atsuchi Fujioko jun@sucaba.isl.ntt.jp
Alexander Galitsky sasha@elivs.msk.su
Maria Gallagher mgallagh@atlas.are.nasa.gov
Juan A. Garay garay@watson.ibm.com
Dale Geesey geeseyd@bah.com
Jisoo Geiter geiter@mitre.org
Rob Glenn glenn@snad.ncsl.nist.gov
Dragan Grebaich dragan@bnr.ca
Daniel T. Green dtgreen@relay.nswc.navy.mil
Per-Olof Haeffner poh@fmu.se
Neil Haller nmh@bellcore.com
Dan Hanson hanson@afc4a.safb.af.mil
Dewayne Hendricks dewayne@tetherless.com
Amir Herzberg amir@watson.ibm.com
Marc Horowitz marc@cam.ov.com
Russell Housley housley@spyrus.com
Jim Hughes Hughes@network.com
Dale Johnson dmj@mitre.org
LaMont Jones lamont@hp.com
Phil Karn Karn@qualcomm.com
Charlie Kaufman charlieskaufman@iris.com
Kevin Kim kkim@rch.mci.com
Katsumi Kobayashi
Klaus-Peter Kossabrowski kpk@cert.dfn.de
Hugo Krawczyk hugo@watson.ibm.com
Craig Labovitz labovit@merit.edu
Paul Lambert Paul_Lambert@email.mot.com
Ying-Da Lee ylee@syl.dl.nec.com
Marcus Leech mleech@bnr.ca
John Linn linn@ceng.ov.com
John Lowry jlowry@bbn.com
Betty Machmar machmar@hydra.dra.hug.gb
Cheryl Madson cmadson@baynetworks.com
Phil Maier Phil@lmsc.lockheed.com
Louis Mamakos LOUIE@UUNET.UU.NET
Shawn Mamras mamras@ftp.com
Jeff Marcus marcus@jvnc.net
Tom Markson markson@incog.com
Antony Martin Martin@hydra.dra.hmg.gb
Douglas Maughan wdmaugh@tycho.ncsc.mil
Piers McMahon p.v.mcmahon@rea0803.wins.icl.co.uk
Tod McQuillin devin@lm.com
Perry Metzger perry@piermont.com
Bob Moskowitz rgm3@is.chrysler.com
Toni Murase murase@sumitomo.com
Andrew Myles andrewm@mpce.mg.edu.ca
Dan Nessett nessett@eng.sun.com
Michael Oehler mjo@tycho.ncsc.mil
Mark Oliver oli@hyperk.com
Hilarie Orman ho@cs.arizona.edu
Bill Owens owens@utd.rochester.edu
Martin Patterson martinp@france.sun.com
Charles Perkins perk@watson.ibm.com
Bad Phan phan@itd.nrl.navy.mil
Joseph Ramus Ramus@nersc.com
Eric Rescorla ekr@eit.com
Randy Rettberg rettberg@apple.com
Carl Rigney cdr@livingston.com
Aviel Rubin rubin@bellcore.com
Vipin Samar vipin@eng.sun.com
Mark Schertler MJS@tycho.ncsc.mil
Allan M. Schiffman ams@eit.com
Jeff Schiller jis@mit.edu
John Scudder jgs@merit.edu
Chris Seabrook cds@ossi.com
Nachum Shacham shacham@csl.sri.com
Bill Simpson BSimpson@morningstar.com
Phil Smiley psmiley@lobby.ti.com
Charles Smith chas@act.acu.oig.au
David Solo solo@bbn.com
Bill Sommerfield sommerfld@apollo.hp.com
Don Stephenson dons@eng.sun.com
Oscar Strohacker strog@vnet.ibm.com
Kwang-Pill Sung scc@netcom.com
Steve Sweeney Steven_Sweeney@3mail.3com.com
Jagannadh S. Tangirala c1jaggu@watson.ibm.com
John Taus taus@unet.ibm.com
Ted Ts'o tytso@mit.edu
Carolyn Turbyfmi turby@eng.sun.com
Tony Valle tvalle@orlando.loral.com
Paul Van Oorschot paulv@bnr.ca
Dale Walters walters@snad.ncsl.nist.gov
Howard Weiss hsw@columbia.sparta.com
David Woodgate davidw@its.csiro.au
Suguru Yamaguchi suguru@is.ais-nara.ac.jp
Shin Yoshida yoshida@sumitomo.com
Jim Zmuda zmuda@spyrus.com
Glen Zorn gwz@cybersafe.com