[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSec interop workshop Aug 31st - Sept 3 invitation

To: Greg Carter <greg.carter@entrust.com>, "'ipsec@tis.com'" <ipsec@tis.com>, "'William Dixon'" <wdixon@microsoft.com>
Subject: RE: IPSec interop workshop Aug 31st - Sept 3 invitation
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Date: Tue, 04 Aug 1998 14:36:39 -0400
Cc: "'ipsec@icsa.net'" <ipsec@ns.ncsa.com>
In-Reply-To: <D789F71F24B4D111955D00A0C99B4F50BEA4B4@sothmxs01.entrust.com>
Sender: owner-ipsec@ex.tis.com

At 11:12 AM 8/4/98 -0400, Greg Carter wrote:

Details for this (week of Oct 26th) will be coming out by the end of the
week.  I am working with IBM to finalize details.

>What about the previously announced IBM workshop in the fall?  
>
>
>> ICSA in conjunction with IBM are planning the next IPsec workshop. 
>> 
>> The date we have been able to get is the week of Oct 26th.  The host is
>> IBM's AS/400  Endicott group and they will be hosting it at Holiday Inn
>> Arena, Binghamton, New York.  We are working out the site details. 
>> 
>> Why YAW? 
>> 
>> CA interoperablity. 
>> 
>> I am working on significant CA participation.  Got a couple items in the
>> works that should be announced next month. 
>> 
>> IPPCP  --  Remote clients, ya know? 
>> 
>> Remote client support. 
>> 
>> I hope we can set direction for remote client support and do at least some
>> engineering level work with whatever direction gets set. 
>> 
>> Complex architecture. 
>> 
>> Transport within tunnels.  NAT traversal.  Mobile gateways.  Other
>> nasties. 
>> 
>> And of course new comers and others. 
>> 
>> Although non IPsec developers are welcome to come, They should develop a
>> test plan to help the developers.  Time for this around Chicago time. 
>> 
>> 
>> Anyway.  That is the date and location.  I will soon be announcing how to
>> get in touch for reservations and workshop planning. 
>> 
>> 
>> 
>> 
>> Robert Moskowitz 
>> ICSA 
>> Security Interest EMail: rgm-sec@htt-consult.com
>> 
>----
>Greg Carter, Entrust Technologies
>greg.carter@entrust.com
>
>
>> ----------
>> From: 	William Dixon[SMTP:wdixon@microsoft.com]
>> Sent: 	Tuesday, August 04, 1998 5:17 AM
>> To: 	'ipsec@tis.com'
>> Subject: 	IPSec interop workshop Aug 31st - Sept 3 invitation
>> 
>> I am concerned that we are not having enough opportunities for
>> comprehensive
>> and/or sophisticated interoperability testing.  So I'd like to offer one
>> during the week after the IETF (not great timing I know).  I've got room
>> for
>> about 30 people plus equipment.  So please "r" me if interested and give
>> me
>> a few days to respond.  I'd like someone from ICSA to attend also.  By the
>> end of the week I hope to have enough responses to determine if it will be
>> worthwhile.  Thanks, -Wm
>> 
>> 
>> Announcement of IPSec Bakeoff Opportunity
>> Mon-Thurs, Aug 31st- Sept 3
>> Microsoft Main Campus, Olympic Room in bldg. 27S
>> Redmond, WA
>> 
>> Contents:
>> 1. Purpose - Criteria
>> 2. Proposed functionality testing
>> 3. Proposed daily agenda
>> 
>> 1. Purpose
>> Provide IPSec vendor developers of the most complete IPSec implementations
>> a
>> small-scale, mixed vendor environment to further test IPSec
>> interoperability
>> for transport and tunneling, under load, across a variety of network
>> topologies, including dialup, 100Mbit Ethernet and across Internet WAN
>> links.  To test attack resilience of IPSec implementations.  To begin
>> testing L2TP/IPSec interop.  No press releases, just interop work.  Wider
>> interop shake out for base and extended families of ICSA v2.0 criteria.
>> Increase consensus among IPSec vendors for how to solve some common
>> deployment problems and prepare for IBM's full bakeoff in October.
>> 
>> Due to the small facility, I'd like to prioritize for those who can
>> negotiate and perform ALL of the following functionality:
>> IKE - Negotiate and perform
>> 	- Multiple auth method proposals
>> 	- Certificate authentication and certificate request payloads
>> 	- Dynamic rekey with PFS for both main mode and quick mode
>> 	- Selectors (filters) to the IPaddress, IP Subnet, and port
>> IPSec
>> 	- ESP with 56bitDES, null-ESP, MD5 and SHA1
>> 	- Transport and tunnel mode
>> 
>> Implementations should also have
>> IKE
>> 	- AND proposal
>> 	- SA delete payload
>> 	- Lifetimes in both bytes and times
>> 	- Group 2 DH with 3DES
>> 	- 512bit DH or explicit p & g
>> 
>> IPSec
>> 	- Protocol and port filters
>> 	- L2TP/IPSec integration
>> 	- AH with MD5 and SHA1
>> 	- AH+ESP combination
>> 	- ESP 3DES
>> 	- ESP 40bitDES
>> 
>> 2. IPSec Functionality Testing
>> 1. Basic interop on combinations
>> 2. Certificate Infrastructure
>> 	- Cert Server certificates from: Entrust, Microsoft, Verisign,
>> Netscape
>> 	- Cert trust verification using hierarchy in PKI infrastructures
>> 	- Using CRLs during cert validation ?
>> 	- Timing of IKE successful/unsuccessful negotiation using certs, how
>> transparent for end-to-end?
>> 3. IKE retransmit behavior
>> 4. Export <-> Export, Export <-> Domestic
>> 	- Basic IKE and IPSec tests
>> 	- Explicit p&g DH with 40bit DES
>> 5. IKE commit bit
>> 6. Throughput & number of simultaneous negotiations performance testing
>> against different implementations
>> 7. Reboot recovery (peer reboot losing it's security associations)
>> 8. Scenarios - 
>> 	- End-to-End transport long lived security associations (over night,
>> data transfer >1Gb) with frequent dynamic rekey
>> 	- End-to-GW tunnel long lived security associations (over night,
>> data transfer >1Gb) with frequent dynamic rekey
>> 	- Policy change events while under SA load
>> 	- End-to-End SA through IPSec tunnels, initiation both ways
>> 	- Client End-to-End through client-to-GW tunnel SA, initiate from
>> client for tunnel, then initiation both ways for end-to-end
>> 	- Client-to-GW transport SA for secure management
>> 9. Multiple auth method proposals and AND proposal
>> 10. Discuss reliability requirements for SA establishment, maintenance
>> under
>> load, heavy fragmentation, packet corruption, packet loss
>> 
>> 3. Schedule
>> Monday evening Aug 31 - we may actually be able to setup on Sunday, not
>> sure
>> yet, which would make this a full testing day
>> 12:00-17:00 - Room and Network Setup
>> 15:00-17:00 - Shipping deliveries from MS Receiving to bldg. 27/Olympic
>> Room
>> 17:00-22:00 - Vendor equipment drop off/setup
>> 
>> Tuesday Sept 1st
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Welcome, Agenda, Network Layout, Logistics
>> 9:00 - Testing
>> 12:30 - SyncUp Discussion with catered lunch
>
>
>
>
>> 13:00-13:30 Overview of MS PKI
>> 17:00 - ReSync Discussion
>> 22:00 - Room closes for night
>> 
>> Wednesday Sept 2nd
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Agenda, Q& A
>> 12:30 - SyncUp Discussion
>> 13:00-13:30 Overview of IPSec policy in NT5.0 Active Directory
>> 17:00 - SyncUp Discussion
>> 22:00 - Room closes for night
>> 
>> Thursday Sept 3rd
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Agenda, Q& A
>> 12:30 - 13:30 - SyncUp Discussion
>> 17:00 - Vendor Equip load Out
>> 19:00 - Network pulled up
>> 21:00 - Turnover to facilities management for next day
>> 
>> Friday Sept 4th - Event notes typed up and released to IETF IPSec list &
>> participants
>> 
>> 
>> Wm
>> William Dixon, 425-703-8729, wdixon@microsoft.com
>> Program Manager, Internet Protocol Security
>> PBS Windows Networking & Communications
>> Microsoft Corporation
>> 
>
Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

References:

RE: IPSec interop workshop Aug 31st - Sept 3 invitation

From: Greg Carter <greg.carter@entrust.com>

Prev by Date: IPSec and Filtering Question?
Next by Date: A question about the IKE phase2 proposals
Prev by thread: RE: IPSec interop workshop Aug 31st - Sept 3 invitation
Next by thread: RE: IPSec interop workshop Aug 31st - Sept 3 invitation
Index(es):
- Main
- Thread