[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPsec Implementation Summary (7/23/96)
This is the IETF IPsec WG Implementation Status as of 23 July 1996.
There are 8 known freely distributable implementations (listed first) and
10 known commercial/proprietary implementations (listed afterwards).
Some of the listed implementations are "planned" or "in progress".
Not all implementations include all of the IETF IPsec specifications
and/or proposals. Claimed interoperability is also listed. Not all
implementations have been tested against each other, so not listing
interoperability might mean that the implementations were never tested
against each other.
Paul Lambert <palamber@us.oracle.com>
Randall Atkinson <rja@cisco.com>
Co-Chairs of the IP Security WG
Internet Engineering Task Force
�
Here is the list of freely distributable IPsec implementations:
_______________________________________________________________________
Name of Implementation: x-Kernel IPsec
Organisation: Univ. of Arizona, Dept of CS
IP versions: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES
Key Management: manual, Photuris (draft 8, Elliptical curves)
Platforms: x-Kernel (U of AZ's research OS)
Lineage of IPsec Code: University of Arizona
Lineage of Key Mgmt Code: University of Arizona
Location of Source Code: ftp://ftp.cs.arizona.edu/xkernel/
xkernel.v3.2.security.tar.Z
Point of Contact: Hilarie Orman <ho@cs.arizona.edu>
Claimed Interoperability: KA9Q NOS (AH MD5, ESP DES),
JI (Photuris, AH MD5)
_______________________________________________________________________
Name of Implementation: ENskip
Organisation: ETH Zurich
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): Partial (SPI == 1 only)
ESP (RFC-1825,1827): Partial (SPI == 1 only)
AH MD5 (RFC-1828): YES, with 128, 64, & 32 bit keys
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES, ESP-IDEA, ESP-RC4
Key Management: SKIP (draft 6)
Platforms: Solaris 2.4+, IRIX (version ??), NetBSD, Nextstep
Lineage of IPsec Code: ETH Zurich
Lineage of Key Mgmt Code: ETH Zurich
Location of Source Code: ftp://ftp.tik.ee.ethz.ch/pub/packages/skip
Point of Contact: <skip@tik.ee.ethz.ch>
Claimed Interoperability: Sun SKIP
_______________________________________________________________________
Name of Implementation: ISAKMP with Oakley Extensions Key Mgmt Daemon
Organisation: cisco Systems
Which IP versions are supported: IPv4 and IPv6
Implemented Features:
AH (RFC-1825,1826): Not applicable
ESP (RFC-1825,1827): Not applicable
AH MD5 (RFC-1828): Not applicable
ESP DES (RFC-1829): Not applicable
Other AH Transforms: Not applicable
Other ESP Transforms: Not applicable
Key Management: ISAKMP with Oakley Extensions
Platforms: Any system with the NRL PF_KEY key management API
Lineage of IPsec Code: not applicable
Lineage of Key Mgmt Code: cisco Systems
Location of Source Code: http://web.mit.edu/network/isakmp/
http://www.cisco.com/public/library/isakmp.html
Note: Patent issues have been taken care of by cisco.
Point of Contact: Dan Harkins <dharkins@cisco.com>
Public Mailing List: <isakmp-oakley@cisco.com>
Claimed Interoperability: (UK) DRA Malvern's ISAKMP as of ISAKMP draft 4.
_______________________________________________________________________
Name of Implementation: ISI/USC
Organisation: Information Sciences Institute, USC
Which IP versions are supported: IPv4
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): NO
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): NO
Other AH Transforms: checksum, proprietary
Other ESP Transforms: none
Key Management: staticly configured
Platforms: BSD
Lineage of IPsec Code: Both NRL-derived and ISI-developed
Lineage of Key Mgmt Code: not applicable
Location of Source Code: (expected March 1996)
Point of Contact: Joe Touch <touch@isi.edu>
Claimed Interoperability:
_______________________________________________________________________
Name of Implementation: JI's IPsec
Organisation: John Ioannidis
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: HMAC MD5 in progress ???
Other ESP Transforms: none
Key Management: manual, Photuris (which draft ?) in progress,
PF_ENCAP keying interface, PF_ROUTE extensions
Platforms: BSD/OS 2.0
Lineage of IPsec Code: JI
Lineage of Key Mgmt Code: Angelos D, Keromytis
<angelos@gradient.cis.upenn.edu>
Location of Source Code: TBD
Point of Contact: John Ioannidis <ji@hol.gr>
Claimed Interoperability:
_______________________________________________________________________
Name of Implementation: KA9Q NOS
Organisation: Phil Karn
Which IP versions are supported: IPv4
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES
Key Management: manual
Platforms: DOS with KA9Q NOS
Lineage of IPsec Code: Phil Karn
Lineage of Key Mgmt Code: not applicable
Location of Source Code: (available soon)
Point of Contact: Phil Karn <karn@unix.ka9q.ampr.org>
Claimed Interoperability:
_______________________________________________________________________
Name of Implementation: NIST/NSA IPSEC Prototype
Organisation: NIST & NSA
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: AH-HMAC-SHA, AH-HMAC-MD5
Other ESP Transforms:
Key Management: manual, PF_SADB interface
Platforms: BSD/OS, NetBSD, FreeBSD, DTOS
Lineage of IPsec Code: NIST & NSA
Lineage of Key Mgmt Code: NIST & NSA
Location of Source Code: Code available, contact Mike Oehler.
Point of Contact: Rob Glenn, Rob.Glenn@nist.gov,
Michael Oehler, mjo@tycho.ncsc.mil, (301) 688-0849
Claimed Interoperability: NRL, Gemini, Ftp Software, IBM, Morningstar,
Raptor, Secure Computing, SOS, and TIS
________________________________________________________________________
Name of Implementation: NRL IPv6/IPsec Software Distribution
Organisation: Naval Research Laboratory (NRL)
Which IP versions are supported: IPv4 and IPv6
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: AH-HMAC-MD5, AH-HMAC-SHA
Other ESP Transforms: DES-CBC-MD5-Replay is planned.
Key Management: manual, PF_KEY Key Management API,
includes cisco's ISAKMP+Oakley daemon.
Platforms: any 4.4-Lite BSDish system, NetBSD, BSDI, 4.4 BSD
Lineage of IPsec Code: NRL, with some AH transforms contributed by NIST
Lineage of Key Mgmt Code: cisco Systems
Location of Source Code:
US: http://web.mit.edu/network/isakmp
US/Canada: http://www.cisco.com/public/library/ipsec.html
Europe: ftp://ftp.ripe.net/ipv6/nrl/
Point of Contact: <ipv6-info@cs.nrl.navy.mil>
Claimed Interoperability: (all are for ESP DES, AH MD5)
Ascend, V-One, TIS, IBM, KA9Q,
& NRL-derived implementations
_______________________________________________________________________
Name of Implementation: Sun SKIP
Organisation: Sun Microsystems' Internet Commerce Group (Sun ICG)
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES
Key Management: SKIP
Platforms: SunOS 4.1.x, FreeBSD 2.1.0
Lineage of IPsec Code: Sun ICG
Lineage of Key Mgmt Code: Sun ICG
Location of Source Code: http://skip.incog.com
Point of Contact: Tom Markson <markson@incog.com>
Claimed Interoperability: ETH Zurich's EnSKIP, Elvis SKIP,
Checkpoint Firewall-1
�
Here is the list of commercial/proprietary IETF IPsec implementations:
________________________________________________________________________
Name of Implementation: AccessSecure
Organisation: Ascend Communications
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES, with variable length keys
ESP DES (RFC-1829): YES, 32-bit or 64-bit IV
Other AH Transforms: none
Other ESP Transforms: none
Key Management: manual
Platforms: Ascend Pipeline and Max routers
Lineage of IPsec Code: Ascend (was MorningStar)
Lineage of Key Mgmt Code: not applicable
Location of Source Code: proprietary
Point of Contact: Karl Fox <karl@morningstar.com>
Claimed Interoperability: NRL, Checkpoint, IBM, NIST, Raptor,
Secure Computing, SOS, TimeStep, TIS,
Gemini, KA9Q NOS
_______________________________________________________________________
Name of Implementation: ERP IPSEC
Organisation: Bellcore
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES, with 128, 64, & 32 bit keys
ESP DES (RFC-1829): YES
Other implemented AH transforms: none
Other implemented ESP transforms: none
Key Management: manual
Platforms: ???
Lineage of IPsec Code: ???
Lineage of Key Mgmt Code: not applicable
Location of Source Code: proprietary
Point of Contact: Antonio Fernandez <afa@bellcore.com>
Claimed Interoperability:
_______________________________________________________________________
Name of Implementation: cisco IOS (TM)
Organisation: cisco Systems
Which IP versions are supported: IPv4 & IPv6 in progress
Implemented Features:
AH (RFC-1825,1826): In Progress
ESP (RFC-1825,1827): In Progress
AH MD5 (RFC-1828): In Progress
ESP DES (RFC-1829): In Progress
Other implemented AH transforms: AH-HMAC-MD5 & AH-HMAC-SHA in progress.
Other implemented ESP transforms: DES-CBC-MD5-Replay in progress,
proprietary DES transform.
Key Management: proprietary now; ISAKMP+Oakley in progress
Platforms: cisco
Lineage of IPsec Code: cisco Systems
Lineage of Key Mgmt Code: cisco Systems
Location of Source Code: proprietary
Point of Contact: Cheryl Madson <cmadson@cisco.com>
Claimed Interoperability: TBA
_____________________________________________________________________
Name of Implementation: MultiNet for Windows (Cisco TCP/IP Suite 100)
Organisation: Cisco/TGV
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES (w/ latest Internet Drafts)
ESP (RFC-1825,1827): YES (w/ latest Internet Drafts)
AH MD5 (RFC-1828): NO
ESP DES (RFC-1829): NO
Other AH Transforms: AH-HMAC-MD5, AH-HMAC-SHA
Other ESP Transforms: DES-CBC-MD5-Replay
Key Management: manual keying, has PF_KEY API
ISAKMP/Oakley in progress
Platforms: Windows 95
Lineage of IPsec Code: TGV and cisco,
referenced the NRL software
Lineage of Key Mgmt Code: TGV and cisco
Location of Source Code: proprietary
Point of Contact: Derrell Piper <piper@tgv.com>
Claimed Interoperability: TBD
_______________________________________________
Name of Implementation: OnNet
Organisation: ftp Software
Which IP versions are supported: IPv4 now, IPv6 planned
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: none
Key Management: manual now; ISAKMP+Oakley is planned.
Platforms: Windows95, Windows 3.11
Lineage of IPsec Code: FTP Software;
referenced but didn't port the NRL software.
Lineage of Key Mgmt Code: FTP Software;
referenced but didn't port the NRL software.
Plan to port cisco's ISAKMP+Oakley code.
Location of Source Code: proprietary
Point of Contact: Naganand Doraswamy <naganand@ftp.com>
Claimed Interoperability: Raptor, SCC, IBM, & TIS now;
testing with NRL is in progress.
_______________________________________________________________________
Name of Implementation: Trusted Security Firewall-Guard (GTFW-GD)
Organisation: Gemini
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: AH-SHA, proprietary
Other ESP Transforms: none
Key Management: manual, proprietary
Platforms: Gemini Trusted Firewall-Guard
Lineage of IPsec Code: Gemini
Lineage of Key Mgmt Code: Gemini
Location of Source Code: Proprietary
Point of Contact: Dr. Tien F. Tao <tft@main.geminisecure.com>
Claimed Interoperability: IBM SNG, MorningStar, NIST, Raptor Systems,
SCC, SOS, TIS
_______________________________________________________________________
Name of Implementation: IBM SNG
Organisation: IBM
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES, both 32-bit & 64-bit IV
Other AH Transforms: HMAC MD5
Other ESP Transforms: none
Key Management: manual, proprietary
Platforms: IBM AIX
Lineage of IPsec Code: IBM
Lineage of Key Mgmt Code: IBM
Location of Source Code: proprietary
Point of Contact: <pau@watson.ibm.com>
Claimed Interoperability:
For ESP-DES & AH-MD5: NRL, JI, KA9Q, NIST, TIS, Checkpoint, SOS,
Gemini, MorningStar, Raptor, SCC, TimeStep
For ESP-DES & HMAC MD5: NIST, Raptor
_______________________________________________________________________
Name of Implementation: SafeNet
Organisation: Information Resources Engineering, Inc.
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): Planned
ESP (RFC-1825,1827): In Progress
AH MD5 (RFC-1828): Planned
ESP DES (RFC-1829): In Progress
Other AH Transforms: none
Other ESP Transforms: DES-Counter-ANSI-X9.9
Key Management: SKIP in progress; various ANSI in progress
Platforms: V.34 modem, IP over PPP, Ethernet
Lineage of IPsec Code: Information Resources Engineering
Lineage of Key Mgmt Code: Information Resources Engineering
Location of Source Code: proprietary
Point of Contact: <gmcgreal@ire.com>
Claimed Interoperability: TBA
_______________________________________________________________________
Name of Implementation: BorderGuard and Security Router
Organisation: Network Systems
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): TBD
ESP (RFC-1825,1827): In Progress
AH MD5 (RFC-1828): TBD
ESP DES (RFC-1829): TBD
Other AH Transforms: none
Other ESP Transforms: DES-CBC-MD5-Replay in progress
Key Management: manual, proprietary D-H are done now.
ISAKMP+Oakley is in progress.
Platforms: Network Systems routers
Lineage of IPsec Code: Network Systems
Lineage of Key Mgmt Code: Network Systems
Location of Source Code: proprietary
Point of Contact: Ted Doty <ted@kgbvax.network.com>
Claimed Interoperability: TBD
_______________________________________________________________________
Name of Implementation: CryptoWall (TM)
Organisation: RADGUARD, Ltd.
IP versions: IPv4
Implemented Features:
AH (RFC-1825,1826): In progress
ESP (RFC-1825,1827): In progress
AH MD5 (RFC-1828): In progress
ESP DES (RFC-1829): In progress
Other AH Transforms: none
Other ESP Transforms: DES-CBC+DES-MAC in progress
Key Management: In progress
Platforms: CryptoWall
Lineage of IPsec Code: RADGUARD
Lineage of Key Mgmt Code: RADGUARD
Location of Source Code: proprietary
Point of Contact: Dan Frommer <dan@radguard.com>
Claimed Interoperability: TBD
_______________________________________________________________________
Name of Implementation: Eagle
Organisation: Raptor Systems
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: AH-HMAC-MD5
Other ESP Transforms: DES-CBC-MD5-Replay is planned
Key Management: manual, proprietary
Platforms: Raptor Eagle Firewall
Lineage of IPsec Code: Raptor
Lineage of Key Mgmt Code: proprietary
Location of Source Code: proprietary
Point of Contact: Jeff Kraemer <jkraemer@raptor.com>
Claimed Interoperability: FTP Software, IBM SNG, MorningStar, NIST,
Secure Computing, SOS, TimeStep, TIS, Gemini
______________________________________________________________________
Name of Implementation: Sidewinder Firewall
Organisation: Secure Computing
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: none
Key Management: manual
Platforms: Sidewinder Firewall
Lineage of IPsec Code: ???
Lineage of Key Mgmt Code: not applicable
Location of Source Code: proprietary
Point of Contact: <minear@sctc.com>
Claimed Interoperability:
_______________________________________________________________________
Name of Implementation: PERMIT
Organisation: TimeStep
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: HMAC-MD5 and HMAC-SHA are both in progress
Other ESP Transforms: RCx in progress
Key Management: manual, proprietary, ISAKMP+Oakley in progress
Platforms: Windows 3.11, Windows95, WindowsNT in progress
Lineage of IPsec Code: Timestep
Lineage of Key Mgmt Code: TimeStep
Location of Source Code: proprietary
Point of Contact: Stephane Lacelle <slacelle@timestep.com>
Claimed Interoperability: IBM, Raptor, Checkpoint, TIS, Morningstar
_______________________________________________________________________
Name of Implementation: TIS Gauntlet
Organisation: Trusted Information Systems
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES
Key Management: manual, proprietary
Platforms: TIS Gauntlet
Lineage of IPsec Code: NRL-derived
Lineage of Key Mgmt Code: TIS ???
Location of Source Code: proprietary
Point of Contact: Rick Murphy, rick@tis.com
Claimed Interoperability: NRL
_______________________________________________________________________
Name of Implementation: V-ONE SmartWall
Organisation: V-One
Which IP versions are supported: IPv4
Implemented Features:
AH (RFC-1825,1826): YES
ESP (RFC-1825,1827): YES
AH MD5 (RFC-1828): YES
ESP DES (RFC-1829): YES
Other AH Transforms: none
Other ESP Transforms: ESP-3DES, RC4, stream DES
Key Management: manual, proprietary
Platforms: V-ONE SmartWall
Lineage of IPsec Code: NRL-derived
Lineage of Key Mgmt Code: V-One ???
Location of Source Code: proprietary
Point of Contact: Jason Wang <jswang@v-one.com>
Claimed Interoperability: NRL
______________________________________________________________________
--