[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ESP RC5 and S/WAN



Perry,
        You might want to check out the S/WAN information on 
http://www.rsa.com/rsa/SWAN.  The current effort is aimed at
helping vendors to implement AH and ESP with manual DES key loading.
There is an interoperability matrix on a sub-page that shows
how far the 11 current vendors have gotten (a long way!).
        S/WAN is basically an initiative run by vendors who are
actually implementing the IPsec working group standards, and so
far it has been quite successful.
        A few of the vendors have requested that RSADSI help them
get 1) better performance than DES in software, and 2) the ability
to sell an IPsec product internationally, or at least being able
to create a demo versions that can be downloaded internationally,
and 3) a cipher that is stronger than DES.
        The ESP based on RC5 is a response to these requests.
RC5 with 128 bit keys and 12 rounds meets requirements 1 and 3,
and a 40 bit RC5 we hope will meet requirements 1 and 2 (so far
no vendors has formally requested export of 40 bit RC5).
        I think the main thing to notice is that 11 vendors now have
implementations of DES based ESP.  They also all support the
MD5 AH header and some of them support the new HMAC nested MD5
integrity check for AH.  In this respect, I hope that you can see that
RSADSI is help the IPsec group further many of its goals.
        The vendors of IPsec products will only license technologies
from RSADSI if it benefits them and their customers.  The S/WAN
initiative seeks to complement the good work of the IPsec group
to incorporate the perspective of the TCP/IP vendors, many of whom
have an global market.
                --Bob

______________________________ Reply Separator _________________________________
Subject: Re: ESP transform with RC5 
Author:  perry@piermont.com at INTERNET
Date:    3/18/96 11:55 AM

Just for context for everyone, the RSA DSI folks are (or at least, 
were) attempting to push this thing they call S/WAN, which is 
basically IPsec using RC5 to make it into something proprietary that 
RSA DSI has a patent on and thus gets royalties for. It doesn't have 
any real advantages to anyone other than RSA DSI, which has an obvious 
stake in its widespread deployment...


Perry



Follow-Ups: