[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP Implementation Analysis

To: ipsec@tis.com, isakmp-oakley@cisco.com
Subject: ISAKMP Implementation Analysis
From: rct@epoch.ncsc.mil (Ruth C. Taylor)
Date: Fri, 5 Jun 98 15:32:46 EDT
Sender: owner-ipsec@ex.tis.com


Hello,

I am interested in comparing current freely available ISAKMP-
Oakley implementations for BSD platforms, such as Cisco's ISAKMP 
code and "Pluto" by Angelos Keromytis. Does anyone know of 
information sources for the following, for these or other BSD 
ISAKMP implementations? 

 - the degree of policy flexibility (is the security proposal
     requested/accepted hard-coded, or can it be configured?)
 - the subset of ISAKMP implemented (which, if any, optional
     features are implemented?)
 - the interface from the ISAKMP code to the IPSec code (known
     for Cisco's release).
 - Is the ISAKMP code separated from the cryptographic code? If
     so, does ISAKMP use a standardized CAPI (e.g. Cryptoki)? How 
     much access does the ISAKMP code have to raw cryptographic 
     key data?
 - robustness of code
 - How well structured and understandable is the code? How easily
      could a new DOI or policy engine be integrated?  
 - performance

Thank you in advance,
Ruth Taylor

Follow-Ups:

Re: ISAKMP Implementation Analysis

From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>

Prev by Date: RE: IPCOMP and IPSEC
Next by Date: Re: ISAKMP Implementation Analysis
Prev by thread: I-D ACTION:draft-mcdonald-pf-key-v2-06.txt
Next by thread: Re: ISAKMP Implementation Analysis
Index(es):
- Main
- Thread