Oops,
>The following nine individuals and vendors have responded to the IPSEC
>implementation survey.
Make that:
The following eleven....
I suspect that there are other implementations. Any other implementations
obviously must not be viable standards compliant products or they would be
involved in the IETF process:-)
Responses to the IPSEC survey are still solicited.
Paul
--------------------------------------------------------------
Paul Lambert Director of Security Products
Oracle Corporation Phone: (415) 506-0370
500 Oracle Parkway, Box 659410 Fax: (415) 413-2963
Redwood Shores, CA 94065 palamber@us.oracle.com
--------------------------------------------------------------
I have received many requests for information on ipsec implementations. Our
working group also needs to coordinate interoperability testing among
ourselves. To this end, would ipsec implementors please fill out the
following survey and post your completed survey to the ipsec mailing list
(ipsec@tis.com).
Thanks in advance,
Paul A. Lambert
ipsec co-chair
*************************** Attachement ********************
IPSEC Implementation Survey
************************************************************
Name of Implementation: <agency, or company, person, group,
e.g. NRL, KA9Q, Bozotronics>
Security Protocols: <ESP, AH, NLSP, proprietary>
Security Transforms: <ESP-DES, ESP-DES3, etc.>
Key Management: <photuris, skip, custom, manual,
kerberos, etc.>
Lineage of Code: <optional, example - based on NRL,
mutant of x and y, scratch, etc.>
Location of Source Code: <URL, mailing instructions, proprietary>
Point of Contact: <name, e-mail, etc.>
************************************************************
-- BEGIN included message
- To: ipsec@tis.com
- Subject: IPSEC Implementation Survey
- From: "PALAMBER.US.ORACLE.COM" <ipsec-request@neptune.tis.com>
- Date: 26 Feb 96 19:23:08
- Cc: swan-dev@rsa.com
The following nine individuals and vendors have responded to the IPSEC implementation survey. ERPIPSEC ETHZ / ENskip IBM JI KA9Q NOS Morning Star SecureConnect Network Systems BorderGuard and Security Router NRL Sun ICG TimeStep PERMIT USC/ISI The results of this first survey (as of February 26, 1996) are provided below. _______________________________________________________________________ Name of Implementation: ERPIPSEC, BELLCORE, Antonio Fernandez Security Protocols: ESP, AH Security Transforms: ESP-DES, AH-MD5_128,64,32 Key Management: manual Location of Source Code: proprietary Point of Contact: Antonio Fernandez, afa@bellcore.com _______________________________________________________________________ Name of Implementation: ETHZ / ENskip Security Protocols: SKIP (draft 6), limited AH & ESP (SPI=1) Security Transforms: ESP-DES, ESP-3DES, ESP-IDEA, ESP-RC4, AH-MD5 (some of these transforms are not yet standarized) Key Management: only via SKIP, (manual, X.509 and 'DH public value' keying). (plus non-standardized PFS) Lineage of Code: Works under Solaris 2.4+, IRIX, NetBSD, Nextstep. Location of Source Code: ftp://ftp.tik.ee.ethz.ch/pub/packages/skip (X.509 and PFS not yet publicly available) Point of Contact: skip@tik.ee.ethz.ch _______________________________________________________________________ Name of Implementation: IBM Security Protocols: ESP, AH, both tunnel and transport mode Security Transforms: ESP-DES (32-bit and 64-bit IV), keyed-MD5, new keyed-MD5 proposed by Hugo Key Management : Manual+Fast Key Refreshment>, SKEME (in progress), Photuris (in Progress) Lineage of Code: IBM Proprietary, about 10k to 15K lines (rough estimate, including ESP, AH, and Key Management). Location of Source Code: Proprietary Point of Contact: pau@yktvmv.vnet.ibm.com _______________________________________________________________________ Name of Implementation: JI Security Protocols: ESP, AH, Protocol-4 encapsultation Security Transforms: ESP-DES, AH-MD5 Key Management: manual, Photuris; PF_ENCAP keying i/f, PF_ROUTE extensionsl Lineage of Code: Written from scratch, entirely in Greece, for BSD/OS 2.0, Location of Source Code: ji's home machine The promised end-January-96 release is not ready yet; it should be (freely) available from ftp.ripe.net RSN. Point of Contact: ji@hol.gr _______________________________________________________________________ Name of Implementation: KA9Q NOS Security Protocols: ESP, AH Security Transforms: ESP-DES & ESP-DES3, each with 0,32 and 64-bit IVs; keyed MD5 Key Management: manual Lineage of Code: scratch Location of Source Code: Not yet released. Will release soon, modulo export rules Point of Contact: karn@unix.ka9q.ampr.org ________________________________________________________________________ Name of Implementation: Morning Star SecureConnect Security Protocols: ESP, AH Security Transforms: ESP-DES, AH-MD5 Key Management: manual Lineage of Code: scratch Location of Source Code: proprietary Point of Contact: Karl Fox <karl@morningstar.com> _______________________________________________________________________ Name of Implementation: Network Systems BorderGuard and Security Router Security Protocols: Proprietary Security Transforms: Des, Idea, 3DES, NSC1 (proprietary), MD5, Replay, D-H and RSA Key Management: Proprietary Lineage of Code: scratch Location of Source Code: proprietary Point of Contact: Ted Doty <ted@kgbvax.network.com> ________________________________________________________________________ Name of Implementation: NRL Security Protocols: ESP, AH -- for BOTH IPv4 and IPv6 Security Transforms: ESP-DES, AH-MD5 Key Management: manual, PF_KEY interface for key management daemons Lineage of Code: derived from and portable to 4.4-Lite BSD Location of Source Code: ftp://ftp.ripe.net/ipv6/nrl/IPv6_domestic.tar.gz for the September 1995 alpha release. January 1996 alpha-2 release is not yet at an ftp site, but should appear soon in the protected "US-only" archives at ftp.c2.org. Point of Contact: ipv6-bugs@cs.nrl.navy.mil _______________________________________________________________________ Name of Implementation: Sun ICG Security Protocols: ESP, AH, proprietary Security Transforms: ESP-DES, ESP-DES3, AH/KEYED MD5 Key Management: SKIP Lineage of Code: Location of Source Code: http://skip.incog.com Point of Contact: markson@incog.com _______________________________________________________________________ Name of Implementation: TimeStep PERMIT Security Protocols: ESP, AH, proprietary Security Transforms: ESP-DES Key Management: proprietary, manual Lineage of Code: from scratch Location of Source Code: proprietary Point of Contact: Stephane Lacelle slacelle@timestep.com _______________________________________________________________________ Name of Implementation: USC/ISI Security Protocols: IPv4 AH Security Transforms: null, Internet checksum, MD5, proprietary null and Internet checksum for performance measurement Key Management: Statically configured keys implementation for performance measurement only Lineage of Code: SunOS 4.1.3, using "from scratch" and code adapted from the NRL IPv6 BSDI implementation Location of Source Code: to be announced in March Point of Contact: Joe Touch, touch@isi.edu
-- END included message