[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IPSEC Implementation Survey




 
The following nine individuals and vendors have responded to the IPSEC 
implementation survey. 
 
 ERPIPSEC 
 ETHZ / ENskip 
 IBM 
 JI 
 KA9Q NOS 
 Morning Star SecureConnect 
 Network Systems BorderGuard and Security Router 
 NRL   
 Sun ICG 
 TimeStep PERMIT 
 USC/ISI 
 
The results of this first survey (as of February 26, 1996) are provided below. 
 
_______________________________________________________________________ 
 
Name of Implementation:   ERPIPSEC, BELLCORE, Antonio Fernandez  
Security Protocols:       ESP, AH 
Security Transforms:      ESP-DES, AH-MD5_128,64,32 
Key Management:           manual 
Location of Source Code:  proprietary 
Point of Contact:         Antonio Fernandez,  
                          afa@bellcore.com 
 
_______________________________________________________________________ 
 
Name of Implementation:   ETHZ / ENskip   
Security Protocols:       SKIP (draft 6), limited AH & ESP (SPI=1) 
Security Transforms:      ESP-DES, ESP-3DES, ESP-IDEA, ESP-RC4, AH-MD5 
                           (some of these transforms are  
                            not yet standarized) 
Key Management:           only via SKIP, (manual, X.509 and  
                           'DH public value' keying). 
                           (plus non-standardized PFS) 
Lineage of Code:          Works under Solaris 2.4+, IRIX, NetBSD, Nextstep. 
Location of Source Code:  ftp://ftp.tik.ee.ethz.ch/pub/packages/skip 
                           (X.509 and PFS not yet publicly available) 
Point of Contact:         skip@tik.ee.ethz.ch 
 
_______________________________________________________________________ 
 
Name of Implementation:   IBM 
Security Protocols:       ESP, AH, both tunnel and transport mode 
Security Transforms:      ESP-DES (32-bit and 64-bit IV), keyed-MD5, 
                           new keyed-MD5 proposed by Hugo 
Key Management :          Manual+Fast Key Refreshment>, 
                           SKEME (in progress), Photuris (in Progress) 
Lineage of Code:          IBM Proprietary, about 10k to 15K lines 
                           (rough estimate, including ESP,  
                           AH, and Key Management). 
Location of Source Code:  Proprietary 
Point of Contact:         pau@yktvmv.vnet.ibm.com 
 
_______________________________________________________________________ 
 
Name of Implementation:   JI 
Security Protocols:       ESP, AH, Protocol-4 encapsultation 
Security Transforms:      ESP-DES, AH-MD5 
Key Management:           manual, Photuris; PF_ENCAP keying i/f, 
                           PF_ROUTE extensionsl  
Lineage of Code:          Written from scratch,  
                           entirely in Greece, for BSD/OS 2.0,  
Location of Source Code: ji's home machine 
                          The promised end-January-96 release  
                          is not ready yet; it should be (freely) available 
                          from ftp.ripe.net RSN. 
Point of Contact:        ji@hol.gr 
 
_______________________________________________________________________ 
 
Name of Implementation:  KA9Q NOS 
Security Protocols:      ESP, AH 
Security Transforms:     ESP-DES & ESP-DES3, each with 0,32 and 64-bit IVs; 
                          keyed MD5 
Key Management:          manual 
Lineage of Code:         scratch 
Location of Source Code: Not yet released. Will release soon,  
                          modulo export rules 
Point of Contact:        karn@unix.ka9q.ampr.org 
 
________________________________________________________________________ 
 
Name of Implementation:  Morning Star SecureConnect 
Security Protocols:      ESP, AH 
Security Transforms:     ESP-DES, AH-MD5 
Key Management:          manual 
Lineage of Code:         scratch 
Location of Source Code: proprietary 
Point of Contact:        Karl Fox 
                          <karl@morningstar.com> 
_______________________________________________________________________ 
 
Name of Implementation:  Network Systems BorderGuard and Security Router 
Security Protocols:      Proprietary 
Security Transforms:     Des, Idea, 3DES, NSC1 (proprietary),  
                          MD5, Replay, D-H and RSA 
Key Management:          Proprietary 
Lineage of Code:          scratch 
Location of Source Code: proprietary 
Point of Contact:        Ted Doty  
                          <ted@kgbvax.network.com> 
 
________________________________________________________________________ 
 
Name of Implementation:   NRL   
Security Protocols:       ESP, AH -- for BOTH IPv4 and IPv6 
Security Transforms:      ESP-DES, AH-MD5  
Key Management:           manual,  
                          PF_KEY interface for key management daemons  
Lineage of Code:          derived from and portable to 4.4-Lite BSD 
Location of Source Code:  ftp://ftp.ripe.net/ipv6/nrl/IPv6_domestic.tar.gz 
                            for the September 1995 alpha release. 
                          January 1996 alpha-2 release is not yet at an  
                            ftp site, but should appear soon in the  
                            protected "US-only" archives at ftp.c2.org.  
Point of Contact:         ipv6-bugs@cs.nrl.navy.mil 
 
_______________________________________________________________________ 
 
Name of Implementation:   Sun ICG 
Security Protocols:       ESP, AH, proprietary 
Security Transforms:      ESP-DES, ESP-DES3, AH/KEYED MD5 
Key Management:           SKIP 
Lineage of Code:           
Location of Source Code:  http://skip.incog.com 
Point of Contact:         markson@incog.com 
 
_______________________________________________________________________ 
 
Name of Implementation:   TimeStep PERMIT 
Security Protocols:       ESP, AH, proprietary 
Security Transforms:      ESP-DES 
Key Management:           proprietary, manual 
Lineage of Code:          from scratch 
Location of Source Code:  proprietary 
Point of Contact:         Stephane Lacelle 
                          slacelle@timestep.com 
 
_______________________________________________________________________ 
 
Name of Implementation:   USC/ISI 
Security Protocols:       IPv4 AH  
Security Transforms:      null, Internet checksum, MD5, proprietary 
                            null and Internet checksum  
                            for performance measurement 
Key Management:           Statically configured keys  
                          implementation for performance measurement only 
Lineage of Code:          SunOS 4.1.3, using "from scratch" and code 
                          adapted from the NRL IPv6 BSDI implementation 
Location of Source Code:  to be announced in March  
Point of Contact:         Joe Touch, 
                          touch@isi.edu