[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSec interop workshop Aug 31st - Sept 3 invitation
What about the previously announced IBM workshop in the fall?
> ICSA in conjunction with IBM are planning the next IPsec workshop.
>
> The date we have been able to get is the week of Oct 26th. The host is
> IBM's AS/400 Endicott group and they will be hosting it at Holiday Inn
> Arena, Binghamton, New York. We are working out the site details.
>
> Why YAW?
>
> CA interoperablity.
>
> I am working on significant CA participation. Got a couple items in the
> works that should be announced next month.
>
> IPPCP -- Remote clients, ya know?
>
> Remote client support.
>
> I hope we can set direction for remote client support and do at least some
> engineering level work with whatever direction gets set.
>
> Complex architecture.
>
> Transport within tunnels. NAT traversal. Mobile gateways. Other
> nasties.
>
> And of course new comers and others.
>
> Although non IPsec developers are welcome to come, They should develop a
> test plan to help the developers. Time for this around Chicago time.
>
>
> Anyway. That is the date and location. I will soon be announcing how to
> get in touch for reservations and workshop planning.
>
>
>
>
> Robert Moskowitz
> ICSA
> Security Interest EMail: rgm-sec@htt-consult.com
>
----
Greg Carter, Entrust Technologies
greg.carter@entrust.com
> ----------
> From: William Dixon[SMTP:wdixon@microsoft.com]
> Sent: Tuesday, August 04, 1998 5:17 AM
> To: 'ipsec@tis.com'
> Subject: IPSec interop workshop Aug 31st - Sept 3 invitation
>
> I am concerned that we are not having enough opportunities for
> comprehensive
> and/or sophisticated interoperability testing. So I'd like to offer one
> during the week after the IETF (not great timing I know). I've got room
> for
> about 30 people plus equipment. So please "r" me if interested and give
> me
> a few days to respond. I'd like someone from ICSA to attend also. By the
> end of the week I hope to have enough responses to determine if it will be
> worthwhile. Thanks, -Wm
>
>
> Announcement of IPSec Bakeoff Opportunity
> Mon-Thurs, Aug 31st- Sept 3
> Microsoft Main Campus, Olympic Room in bldg. 27S
> Redmond, WA
>
> Contents:
> 1. Purpose - Criteria
> 2. Proposed functionality testing
> 3. Proposed daily agenda
>
> 1. Purpose
> Provide IPSec vendor developers of the most complete IPSec implementations
> a
> small-scale, mixed vendor environment to further test IPSec
> interoperability
> for transport and tunneling, under load, across a variety of network
> topologies, including dialup, 100Mbit Ethernet and across Internet WAN
> links. To test attack resilience of IPSec implementations. To begin
> testing L2TP/IPSec interop. No press releases, just interop work. Wider
> interop shake out for base and extended families of ICSA v2.0 criteria.
> Increase consensus among IPSec vendors for how to solve some common
> deployment problems and prepare for IBM's full bakeoff in October.
>
> Due to the small facility, I'd like to prioritize for those who can
> negotiate and perform ALL of the following functionality:
> IKE - Negotiate and perform
> - Multiple auth method proposals
> - Certificate authentication and certificate request payloads
> - Dynamic rekey with PFS for both main mode and quick mode
> - Selectors (filters) to the IPaddress, IP Subnet, and port
> IPSec
> - ESP with 56bitDES, null-ESP, MD5 and SHA1
> - Transport and tunnel mode
>
> Implementations should also have
> IKE
> - AND proposal
> - SA delete payload
> - Lifetimes in both bytes and times
> - Group 2 DH with 3DES
> - 512bit DH or explicit p & g
>
> IPSec
> - Protocol and port filters
> - L2TP/IPSec integration
> - AH with MD5 and SHA1
> - AH+ESP combination
> - ESP 3DES
> - ESP 40bitDES
>
> 2. IPSec Functionality Testing
> 1. Basic interop on combinations
> 2. Certificate Infrastructure
> - Cert Server certificates from: Entrust, Microsoft, Verisign,
> Netscape
> - Cert trust verification using hierarchy in PKI infrastructures
> - Using CRLs during cert validation ?
> - Timing of IKE successful/unsuccessful negotiation using certs, how
> transparent for end-to-end?
> 3. IKE retransmit behavior
> 4. Export <-> Export, Export <-> Domestic
> - Basic IKE and IPSec tests
> - Explicit p&g DH with 40bit DES
> 5. IKE commit bit
> 6. Throughput & number of simultaneous negotiations performance testing
> against different implementations
> 7. Reboot recovery (peer reboot losing it's security associations)
> 8. Scenarios -
> - End-to-End transport long lived security associations (over night,
> data transfer >1Gb) with frequent dynamic rekey
> - End-to-GW tunnel long lived security associations (over night,
> data transfer >1Gb) with frequent dynamic rekey
> - Policy change events while under SA load
> - End-to-End SA through IPSec tunnels, initiation both ways
> - Client End-to-End through client-to-GW tunnel SA, initiate from
> client for tunnel, then initiation both ways for end-to-end
> - Client-to-GW transport SA for secure management
> 9. Multiple auth method proposals and AND proposal
> 10. Discuss reliability requirements for SA establishment, maintenance
> under
> load, heavy fragmentation, packet corruption, packet loss
>
> 3. Schedule
> Monday evening Aug 31 - we may actually be able to setup on Sunday, not
> sure
> yet, which would make this a full testing day
> 12:00-17:00 - Room and Network Setup
> 15:00-17:00 - Shipping deliveries from MS Receiving to bldg. 27/Olympic
> Room
> 17:00-22:00 - Vendor equipment drop off/setup
>
> Tuesday Sept 1st
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Welcome, Agenda, Network Layout, Logistics
> 9:00 - Testing
> 12:30 - SyncUp Discussion with catered lunch
> 13:00-13:30 Overview of MS PKI
> 17:00 - ReSync Discussion
> 22:00 - Room closes for night
>
> Wednesday Sept 2nd
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Agenda, Q& A
> 12:30 - SyncUp Discussion
> 13:00-13:30 Overview of IPSec policy in NT5.0 Active Directory
> 17:00 - SyncUp Discussion
> 22:00 - Room closes for night
>
> Thursday Sept 3rd
> 7:30 - Room Opens, Catered continental bkfast
> 8:30 - Agenda, Q& A
> 12:30 - 13:30 - SyncUp Discussion
> 17:00 - Vendor Equip load Out
> 19:00 - Network pulled up
> 21:00 - Turnover to facilities management for next day
>
> Friday Sept 4th - Event notes typed up and released to IETF IPSec list &
> participants
>
>
> Wm
> William Dixon, 425-703-8729, wdixon@microsoft.com
> Program Manager, Internet Protocol Security
> PBS Windows Networking & Communications
> Microsoft Corporation
>
Follow-Ups: