[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSec interop workshop Aug 31st - Sept 3 invitation
At 11:12 AM 8/4/98 -0400, Greg Carter wrote:
Details for this (week of Oct 26th) will be coming out by the end of the
week. I am working with IBM to finalize details.
>What about the previously announced IBM workshop in the fall?
>
>
>> ICSA in conjunction with IBM are planning the next IPsec workshop.
>>
>> The date we have been able to get is the week of Oct 26th. The host is
>> IBM's AS/400 Endicott group and they will be hosting it at Holiday Inn
>> Arena, Binghamton, New York. We are working out the site details.
>>
>> Why YAW?
>>
>> CA interoperablity.
>>
>> I am working on significant CA participation. Got a couple items in the
>> works that should be announced next month.
>>
>> IPPCP -- Remote clients, ya know?
>>
>> Remote client support.
>>
>> I hope we can set direction for remote client support and do at least some
>> engineering level work with whatever direction gets set.
>>
>> Complex architecture.
>>
>> Transport within tunnels. NAT traversal. Mobile gateways. Other
>> nasties.
>>
>> And of course new comers and others.
>>
>> Although non IPsec developers are welcome to come, They should develop a
>> test plan to help the developers. Time for this around Chicago time.
>>
>>
>> Anyway. That is the date and location. I will soon be announcing how to
>> get in touch for reservations and workshop planning.
>>
>>
>>
>>
>> Robert Moskowitz
>> ICSA
>> Security Interest EMail: rgm-sec@htt-consult.com
>>
>----
>Greg Carter, Entrust Technologies
>greg.carter@entrust.com
>
>
>> ----------
>> From: William Dixon[SMTP:wdixon@microsoft.com]
>> Sent: Tuesday, August 04, 1998 5:17 AM
>> To: 'ipsec@tis.com'
>> Subject: IPSec interop workshop Aug 31st - Sept 3 invitation
>>
>> I am concerned that we are not having enough opportunities for
>> comprehensive
>> and/or sophisticated interoperability testing. So I'd like to offer one
>> during the week after the IETF (not great timing I know). I've got room
>> for
>> about 30 people plus equipment. So please "r" me if interested and give
>> me
>> a few days to respond. I'd like someone from ICSA to attend also. By the
>> end of the week I hope to have enough responses to determine if it will be
>> worthwhile. Thanks, -Wm
>>
>>
>> Announcement of IPSec Bakeoff Opportunity
>> Mon-Thurs, Aug 31st- Sept 3
>> Microsoft Main Campus, Olympic Room in bldg. 27S
>> Redmond, WA
>>
>> Contents:
>> 1. Purpose - Criteria
>> 2. Proposed functionality testing
>> 3. Proposed daily agenda
>>
>> 1. Purpose
>> Provide IPSec vendor developers of the most complete IPSec implementations
>> a
>> small-scale, mixed vendor environment to further test IPSec
>> interoperability
>> for transport and tunneling, under load, across a variety of network
>> topologies, including dialup, 100Mbit Ethernet and across Internet WAN
>> links. To test attack resilience of IPSec implementations. To begin
>> testing L2TP/IPSec interop. No press releases, just interop work. Wider
>> interop shake out for base and extended families of ICSA v2.0 criteria.
>> Increase consensus among IPSec vendors for how to solve some common
>> deployment problems and prepare for IBM's full bakeoff in October.
>>
>> Due to the small facility, I'd like to prioritize for those who can
>> negotiate and perform ALL of the following functionality:
>> IKE - Negotiate and perform
>> - Multiple auth method proposals
>> - Certificate authentication and certificate request payloads
>> - Dynamic rekey with PFS for both main mode and quick mode
>> - Selectors (filters) to the IPaddress, IP Subnet, and port
>> IPSec
>> - ESP with 56bitDES, null-ESP, MD5 and SHA1
>> - Transport and tunnel mode
>>
>> Implementations should also have
>> IKE
>> - AND proposal
>> - SA delete payload
>> - Lifetimes in both bytes and times
>> - Group 2 DH with 3DES
>> - 512bit DH or explicit p & g
>>
>> IPSec
>> - Protocol and port filters
>> - L2TP/IPSec integration
>> - AH with MD5 and SHA1
>> - AH+ESP combination
>> - ESP 3DES
>> - ESP 40bitDES
>>
>> 2. IPSec Functionality Testing
>> 1. Basic interop on combinations
>> 2. Certificate Infrastructure
>> - Cert Server certificates from: Entrust, Microsoft, Verisign,
>> Netscape
>> - Cert trust verification using hierarchy in PKI infrastructures
>> - Using CRLs during cert validation ?
>> - Timing of IKE successful/unsuccessful negotiation using certs, how
>> transparent for end-to-end?
>> 3. IKE retransmit behavior
>> 4. Export <-> Export, Export <-> Domestic
>> - Basic IKE and IPSec tests
>> - Explicit p&g DH with 40bit DES
>> 5. IKE commit bit
>> 6. Throughput & number of simultaneous negotiations performance testing
>> against different implementations
>> 7. Reboot recovery (peer reboot losing it's security associations)
>> 8. Scenarios -
>> - End-to-End transport long lived security associations (over night,
>> data transfer >1Gb) with frequent dynamic rekey
>> - End-to-GW tunnel long lived security associations (over night,
>> data transfer >1Gb) with frequent dynamic rekey
>> - Policy change events while under SA load
>> - End-to-End SA through IPSec tunnels, initiation both ways
>> - Client End-to-End through client-to-GW tunnel SA, initiate from
>> client for tunnel, then initiation both ways for end-to-end
>> - Client-to-GW transport SA for secure management
>> 9. Multiple auth method proposals and AND proposal
>> 10. Discuss reliability requirements for SA establishment, maintenance
>> under
>> load, heavy fragmentation, packet corruption, packet loss
>>
>> 3. Schedule
>> Monday evening Aug 31 - we may actually be able to setup on Sunday, not
>> sure
>> yet, which would make this a full testing day
>> 12:00-17:00 - Room and Network Setup
>> 15:00-17:00 - Shipping deliveries from MS Receiving to bldg. 27/Olympic
>> Room
>> 17:00-22:00 - Vendor equipment drop off/setup
>>
>> Tuesday Sept 1st
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Welcome, Agenda, Network Layout, Logistics
>> 9:00 - Testing
>> 12:30 - SyncUp Discussion with catered lunch
>
>
>
>
>> 13:00-13:30 Overview of MS PKI
>> 17:00 - ReSync Discussion
>> 22:00 - Room closes for night
>>
>> Wednesday Sept 2nd
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Agenda, Q& A
>> 12:30 - SyncUp Discussion
>> 13:00-13:30 Overview of IPSec policy in NT5.0 Active Directory
>> 17:00 - SyncUp Discussion
>> 22:00 - Room closes for night
>>
>> Thursday Sept 3rd
>> 7:30 - Room Opens, Catered continental bkfast
>> 8:30 - Agenda, Q& A
>> 12:30 - 13:30 - SyncUp Discussion
>> 17:00 - Vendor Equip load Out
>> 19:00 - Network pulled up
>> 21:00 - Turnover to facilities management for next day
>>
>> Friday Sept 4th - Event notes typed up and released to IETF IPSec list &
>> participants
>>
>>
>> Wm
>> William Dixon, 425-703-8729, wdixon@microsoft.com
>> Program Manager, Internet Protocol Security
>> PBS Windows Networking & Communications
>> Microsoft Corporation
>>
>
Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com
References: