Re: ESP transform with RC5
>From: Michael Richardson
<....
> Again, I'm reporting what was discussed.
<... stuff removed
> Why was swIPe on the table?
< ... etc. ..
I am not sure where the discussion is going in trying to examine the history
of IP layer security mechanisms and proposals. The technology represents many
years of research and our Internet focus is often myopic in viewing only the
free software or mailing list posted efforts.
The original ARPA work was started in the late 70's. Public specifications
were available for SP3 in 1988 for IP security complete with a key management
protocol (KMP). NLSP circa 1991 is an international specification (derived
from SP3) with many implementations in Europe. Commercial implementations
based on SP3 and NLSP started to appear in 1992. swIPe was one of the first
free implementations posted and so was adopted quickly by some vendors.
Significant "commercial" vendor interest did not appear until last year with
many Firewall and router vendors backing the use of IP layer security.
To my knowledge, all of the S/WAN testing has been directed at the "baseline"
definitions of AH and ESP. These are DES and MD5 based encapsulations.
Additional algorithms, like RC5, have been added by vendors for "extra credit"
(aka perception of market benefits).
ESP with RC5 will be an Informational RFC. ESP-RC5 will not be a "baseline"
mechanism since the consensus of the group for a long time has been to use DES
as the "mandatory" algorithm for confidentiality.
Paul