
IPsec Interoperability Week #1



The following is a proposal from the AIAG to all IPSec implementors.

We are very serious about getting product.  To the extent that we will
supply resources to get interoperability.

Below is the general plan for an interoperability week.  Please discuss it
here, amongst yourselves and with us.  We are open to fleshing out (i.e.
nailing down) whatever details are appropriate.  Of course, I will be at
IETF to take whatever blooding deemed appropriate, just remember that I
have to leave on Friday ;)

IPsec Interoperability Week #1

TO:	All implementers of the IPsec protocols
From:	The Automotive Industry Action Group
	ANX Security work group
What:	1st working session for IPsec interoperability
Where:	MCI’s Richardson Texas test facilities
When:	January 6th - 10th, 1997
Participation Contact:	fbowdon@mcimail.com (810 351-5124),
cwinter@mcimail.com (810 351-5257)
RSVP by:	Dec 10th, 1997
Document Questions/Issues:		rgm3@chrysler.com by Dec 6th, 1996

GOALS:

Determine the current state of deployability of IPsec components for the
Auto industry.  At this time, demonstration of Key management via
Oakley/ISAKMP is very important to the ANX work group.  The intention is to
create as close to a real world inter-company environment for vendor
testing.  Multiple scenario testing will be desired.  Work on the basis
that firewalls, split DNS, and private addressing is common.  Subsets of
these situations will be documented.

Participants minimally need to have product that uses RFCs 1825-9, Oakley
aggressive or main mode with authentication with pre-shared keys

Border-to-border via tunneling
	Consider access to ‘trade zones’ or entire company network.
Remote-to-border
Remote-to-interior
Interior-to-foreign border
	Through local border
Interior-to-interior

Technology to demonstrate interoperability:

Basic IPsec protocols, emphasis on ESP-HMAC
	(add draft name here)
Keying material for IPsec setup with Key Management exchange via
Oakley/ISAKMP (Choice of ANX wg)
	(all three drafts)
	Proxy modes
	Please provide Oakley modes demonstrable at this time.
Public key format of X.509v3
	Keys can be cached
X.509 key retrieval via LDAP
	CA will be provided for testing

Subsets of these will be documented by product.  A more complete testing
matrix and success criteria will be developed between now and Dec 8th.

Policy issues will be sorted out as well as operational:

Unintended routing through multiple tunnels
Access control granularity
Oakley and ESP options as X.509 extensions
	Des vs 3Des, Compression supported, others

The test facility will be connected to the Internet, so vendors unable to
attend are encouraged to contact the MCI coordination team (TBN) to work
out arrangements for remote participation.

Follow up testing will be planned for 2Q97.



Robert Moskowitz
Chrysler Corporation
(810) 758-8212


