[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec interop workshop Aug 31st - Sept 3 invitation



What about the previously announced IBM workshop in the fall?  


> ICSA in conjunction with IBM are planning the next IPsec workshop. 
> 
> The date we have been able to get is the week of Oct 26th.  The host is
> IBM's AS/400  Endicott group and they will be hosting it at Holiday Inn
> Arena, Binghamton, New York.  We are working out the site details. 
> 
> Why YAW? 
> 
> CA interoperablity. 
> 
> I am working on significant CA participation.  Got a couple items in the
> works that should be announced next month. 
> 
> IPPCP  --  Remote clients, ya know? 
> 
> Remote client support. 
> 
> I hope we can set direction for remote client support and do at least some
> engineering level work with whatever direction gets set. 
> 
> Complex architecture. 
> 
> Transport within tunnels.  NAT traversal.  Mobile gateways.  Other
> nasties. 
> 
> And of course new comers and others. 
> 
> Although non IPsec developers are welcome to come, They should develop a
> test plan to help the developers.  Time for this around Chicago time. 
> 
> 
> Anyway.  That is the date and location.  I will soon be announcing how to
> get in touch for reservations and workshop planning. 
> 
> 
> 
> 
> Robert Moskowitz 
> ICSA 
> Security Interest EMail: rgm-sec@htt-consult.com
> 
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com


> ----------
> From: 	William Dixon[SMTP:wdixon@microsoft.com]
> Sent: 	Tuesday, August 04, 1998 5:17 AM
> To: 	'ipsec@tis.com'
> Subject: 	IPSec interop workshop Aug 31st - Sept 3 invitation
> 
> I am concerned that we are not having enough opportunities for
> comprehensive
> and/or sophisticated interoperability testing.  So I'd like to offer one
> during the week after the IETF (not great timing I know).  I've got room
> for
> about 30 people plus equipment.  So please "r" me if interested and give
> me
> a few days to respond.  I'd like someone from ICSA to attend also.  By the
> end of the week I hope to have enough responses to determine if it will be
> worthwhile.  Thanks, -Wm
> 
> 
> Announcement of IPSec Bakeoff Opportunity
> Mon-Thurs, Aug 31st- Sept 3
> Microsoft Main Campus, Olympic Room in bldg. 27S
> Redmond, WA
> 
> Contents:
> 1. Purpose - Criteria
> 2. Proposed functionality testing
> 3. Proposed daily agenda
> 
> 1. Purpose
> Provide IPSec vendor developers of the most complete IPSec implementations
> a
> small-scale, mixed vendor environment to further test IPSec
> interoperability
> for transport and tunneling, under load, across a variety of network
> topologies, including dialup, 100Mbit Ethernet and across Internet WAN
> links.  To test attack resilience of IPSec implementations.  To begin
> testing L2TP/IPSec interop.  No press releases, just interop work.  Wider
> interop shake out for base and extended families of ICSA v2.0 criteria.
> Increase consensus among IPSec vendors for how to solve some common
> deployment problems and prepare for IBM's full bakeoff in October.
> 
> Due to the small facility, I'd like to prioritize for those who can
> negotiate and perform ALL of the following functionality:
> IKE - Negotiate and perform
> 	- Multiple auth method proposals
> 	- Certificate authentication and certificate request payloads
> 	- Dynamic rekey with PFS for both main mode and quick mode
> 	- Selectors (filters) to the IPaddress, IP Subnet, and port
> IPSec
> 	- ESP with 56bitDES, null-ESP, MD5 and SHA1
> 	- Transport and tunnel mode
> 
> Implementations should also have
> IKE
> 	- AND proposal
> 	- SA delete payload
> 	- Lifetimes in both bytes and times
> 	- Group 2 DH with 3DES
> 	- 512bit DH or explicit p & g
> 
> IPSec
> 	- Protocol and port filters
> 	- L2TP/IPSec integration
> 	- AH with MD5 and SHA1
> 	- AH+ESP combination
> 	- ESP 3DES
> 	- ESP 40bitDES
> 
> 2. IPSec Functionality Testing
> 1. Basic interop on combinations
> 2. Certificate Infrastructure
> 	- Cert Server certificates from: Entrust, Microsoft, Verisign,
> Netscape
> 	- Cert trust verification using hierarchy in PKI infrastructures
> 	- Using CRLs during cert validation ?
> 	- Timing of IKE successful/unsuccessful negotiation using certs, how
> transparent for end-to-end?
> 3. IKE retransmit behavior
> 4. Export <-> Export, Export <-> Domestic
> 	- Basic IKE and IPSec tests
> 	- Explicit p&g DH with 40bit DES
> 5. IKE commit bit
> 6. Throughput & number of simultaneous negotiations performance testing
> against different implementations
> 7. Reboot recovery (peer reboot losing it's security associations)
> 8. Scenarios - 
> 	- End-to-End transport long lived security associations (over night,
> data transfer >1Gb) with frequent dynamic rekey
> 	- End-to-GW tunnel long lived security associations (over night,
> data transfer >1Gb) with frequent dynamic rekey
> 	- Policy change events while under SA load
> 	- End-to-End SA through IPSec tunnels, initiation both ways
> 	- Client End-to-End through client-to-GW tunnel SA, initiate from
> client for tunnel, then initiation both ways for end-to-end
> 	- Client-to-GW transport SA for secure management
> 9. Multiple auth method proposals and AND proposal
> 10. Discuss reliability requirements for SA establishment, maintenance
> under
> load, heavy fragmentation, packet corruption, packet loss
> 
> 3. Schedule
> Monday evening Aug 31 - we may actually be able to setup on Sunday, not
> sure
> yet, which would make this a full testing day
> 12:00-17:00 - Room and Network Setup
> 15:00-17:00 - Shipping deliveries from MS Receiving to bldg. 27/Olympic
> Room
> 17:00-22:00 - Vendor equipment drop off/setup
> 
> Tuesday Sept 1st
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Welcome, Agenda, Network Layout, Logistics
> 9:00 - Testing
> 12:30 - SyncUp Discussion with catered lunch




> 13:00-13:30 Overview of MS PKI
> 17:00 - ReSync Discussion
> 22:00 - Room closes for night
> 
> Wednesday Sept 2nd
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Agenda, Q& A
> 12:30 - SyncUp Discussion
> 13:00-13:30 Overview of IPSec policy in NT5.0 Active Directory
> 17:00 - SyncUp Discussion
> 22:00 - Room closes for night
> 
> Thursday Sept 3rd
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Agenda, Q& A
> 12:30 - 13:30 - SyncUp Discussion
> 17:00 - Vendor Equip load Out
> 19:00 - Network pulled up
> 21:00 - Turnover to facilities management for next day
> 
> Friday Sept 4th - Event notes typed up and released to IETF IPSec list &
> participants
> 
> 
> Wm
> William Dixon, 425-703-8729, wdixon@microsoft.com
> Program Manager, Internet Protocol Security
> PBS Windows Networking & Communications
> Microsoft Corporation
> 


Follow-Ups: