Re: ESP transform with RC5
Michael Richardson writes:
> For a little more context: the RSA folks got most of the firewall vendors
> together last August to discuss RSA DSI and firewalls. We had a problem: we
> needed to interoperate on virtual private network technology, particularly
> when it came to road-warrior notebooks. We agreed that swipe and SKIP were
> interesting, but that the firewall vendors had to implement something that
> the PC/Mac stack vendors were going to implement.
Er, there is perhaps a misperception here.
swIPe was a long dead experiment. SKIP is a key management protocol,
which fits in the same place in the stack as Photuris or Oakley.
We already had perfectly good IPsec transforms written and in place,
by the way.
> Thus S/WAN was born. Just take the then current ipsec, nail some parameters
> down, and take the first step.
The only difference I can see between IPsec and S/WAN is that S/WAN
uses RC5 instead of something like 3DES. Can you correct me on this?
> The various vendors didn't really have anyone that they felt could
> coordinate their efforts.
The IETF, perhaps?
Perry