[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
ISAKMP Implementation Analysis
Hello,
I am interested in comparing current freely available ISAKMP-
Oakley implementations for BSD platforms, such as Cisco's ISAKMP
code and "Pluto" by Angelos Keromytis. Does anyone know of
information sources for the following, for these or other BSD
ISAKMP implementations?
- the degree of policy flexibility (is the security proposal
requested/accepted hard-coded, or can it be configured?)
- the subset of ISAKMP implemented (which, if any, optional
features are implemented?)
- the interface from the ISAKMP code to the IPSec code (known
for Cisco's release).
- Is the ISAKMP code separated from the cryptographic code? If
so, does ISAKMP use a standardized CAPI (e.g. Cryptoki)? How
much access does the ISAKMP code have to raw cryptographic
key data?
- robustness of code
- How well structured and understandable is the code? How easily
could a new DOI or policy engine be integrated?
- performance
Thank you in advance,
Ruth Taylor
Follow-Ups: