[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SKIP: Interoperability proposal
Hi,
Some notes for SKIP interoperability testing at Dallas IETF. Here's what
I propose for SKIP interoperability testing. Comments are welcome.
Interoperability will be SKIP as described in the "04" draft.
Algorithm discovery will not be tested.
All implementations will support the ESP protocol under IPv4.
Testing will be of encapsulation mode (Next Header=IP in the
ESP header)
Public Keys will be distributed as hashed public keys either through
the certificate discovery protocol, or with files. Implementations
will therefore implement NSID 8.
In the worst case, manual kij keying is also acceptable.
Interopability will be with DES for key encryption and
DES-CBC (RFC 1829) for traffic encryption.
If time permits, we can also test Triple DES (RFC1851).
RC4 (or RC3.9) can also be used. The transform will be as
described in Germano Caronni's mail to ipsec. The traffic
encryption algorithm for RC4 will be transform 251. Since 250-255
are only for local use, this is compliant with the draft.
Simplecrypt (for rudimentary protocol testing) will be transform 252.
Again, comments are welcome.
--tom