[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bakeoff summary
An IPsec bakeoff was held last week in Espoo, Finland
(see www.bakeoff.ipsec.com). Around 100 participants
from various companies were present.
With Arne, we collected some of the experiences of the participants,
summarized them, and then held a discussion in the
meeting. The slides that show the summary can be
found from http://www.arkko.com/ipsec-bakeoff-august-2001.ppt
and http://www.arkko.com/ipsec-bakeoff-august-2001.txt.
The information tells what was it that people were testing,
what worked well, and what didn't work well. There was quite
a bit of new testing going on related to NAT traversal,
AES, and IPv6.
Unfortunately, I don't think we arranged for anyone
to take the minutes of the meeting (if anyone did
take notes, please post!). However, at least the
following was discussed:
* Deprecation of DES from the IPsec standards. There
was a consensus on this (with the exception of few
people), as long as the DES numbers from IKE would
not be reused for other purposes ;-) and the algorithms
could still be used where necessary.
* Usefulness of lifetime negotiation. Here we didn't
come to any specific conclusion as far as I could
see.
* Keepalives. Tero made the point that there are
different situations and we should find out
what the requirements are for them, likely more
than one mechanism is necessary.
Jari
Follow-Ups: