
IPsec documents



Ted is on vacation this week, so I have been working at double capacity to
jumpstart this workgroup.  As a result, some pieces of information of what
is occurring have been filtering out.  I had no intention of working off
line, but a series of events made the process equivalent to this.  Water
over the dam.  Here goes.

The following classes of documents have been on the horizon of this group:

Architecture
Transforms
Transform implementations
KMP DOI
KMP

The two transform classes came about to limit information repetition for
each cipher or authenticator.  Steve Kent has been working on the first
(main) transform class.  However, there was limited work on the
implementations.  There was a standing recognition that Hughes and Glenn
drafts needed to be re-worked, but were not.  This was discussed in the
first Memphis session.

To this end, my first task was to round up the various volunteers to write
these implementations in a consistent manner.  Interestingly, this process
has become a sort of a 'proof' of the completeness of the main transform
documents and the DOI and Oakley resolution.  So these authors were
contacted as well.

By the middle of next week, Ted's and my goal is to have a set of documents
ready for review by the whole workgroup.

First off, in the process of writing a large set of cipher documents, a
framework document evolved.  A number of authors felt that this would be
useful for everyone, so an IPsec Document Framework document will be the
first new item for the workgroup.

Next the following ciphers are being written:

DES-CBC with implicit IV
DES-CBC with explicit IV
3DES-CBC (most likely with implicit IV, stay tuned on this IV item)
CAST 128
RC5
Blowfish
Idea
Might see a DESX let also.

The following authenticators are being written in a manner that can be used
for either AH or ESP (i.e., ESP with authentication):

HMAC MD5 96
HMAC SHA1 96

Writing these has already resulted in changes for DOI, and most likely for
Oakley Resolution.  Lessons learned.

They are also raising some questions for ESP and AH (To Be Addressed).

So take this as a heads up to lube your printers and break out your
magnifying glasses.  Constructive review is important.  We are working hard
to get them done in time for one round of changes before ID cutoff.


Thank you all.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212