[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Connectathon notes (general + IPsec-specific)
Hello IPsec folks!
First off, a word from Audrey, the C-thon boss...
Hotel space is full at the Connectathon hotel.
Connectathon registration will continue until Feb. 7th (3 weeks left!).
For more information, please feel free to respond to me or see
http://www.connectathon.org.
Audrey Van Belleghem
Event Manager
Now, a word from me. People have been asking "what are you testing at
Connectathon?" My answer had been the mealy-mouthed, "Whatever people
bring". That doesn't help a lot of people, so I sorted things into some
categories. So the list of C-thon IPsec technolgies this time 'round:
IPsec Basics:
AH:
IPv4, IPv6
MD5-HMAC, SHA-1-HMAC, SHA-2-HMAC
Tunnel, transport
ESP:
IPv4, IPv6
Same hashes as AH
DES, 3DES, Blowfish, AES
Tunnel, transport
IKE Basics:
MM:
Pre-shared, RSA-sigs, RSA-enc., DSA-sigs, Mod. RSA-enc.
Oakley groups 1-5
Same hashes/ciphers as AH and ESP
INITIAL-CONTACT handling
DELETE handling
<others!>
QM:
QM PFS (Oakley groups 1-5)
Inner IP tunnel negotiation
(i.e. Phase 2 IDs != IP addrs of IKE traffic)
For AH, ESP, and AH+ESP simultaneously
AM:
Same items as MM + QM, modulo PFS for IPsec SAs.
Advanced IPsec:
Per-application policy and discussion among OS vendors about
application uses of IPsec.
<Any IPsra goodies?>
Advanced IKE:
New Oakley groups.
Single CA LDAP server?
XAUTH?
<Other goodies?>
Things in question marks are thing that I don't have too much implementation
experience, or just general lack of knowledge about.
Things on the list will not necessarily be provided by every vendor in
attendance, but they are things worth testing IMHO.
We don't have suites the way other c-thon technologies do, but if you have
any suites, feel free to bring them. (Unfortunately, the TAHI test suite
folks won't be making it out this year.)
So there it is! See you in March!
Dan