[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bakeoff summary




An IPsec bakeoff was held last week in Espoo, Finland 
(see www.bakeoff.ipsec.com). Around 100 participants
from various companies were present.

With Arne, we collected some of the experiences of the participants,
summarized them, and then held a discussion in the
meeting. The slides that show the summary can be
found from http://www.arkko.com/ipsec-bakeoff-august-2001.ppt
and http://www.arkko.com/ipsec-bakeoff-august-2001.txt.

The information tells what was it that people were testing,
what worked well, and what didn't work well. There was quite
a bit of new testing going on related to NAT traversal,
AES, and IPv6.

Unfortunately, I don't think we arranged for anyone
to take the minutes of the meeting (if anyone did
take notes, please post!). However, at least the
following was discussed:

* Deprecation of DES from the IPsec standards. There
  was a consensus on this (with the exception of few
  people), as long as the DES numbers from IKE would
  not be reused for other purposes ;-) and the algorithms
  could still be used where necessary.

* Usefulness of lifetime negotiation. Here we didn't
  come to any specific conclusion as far as I could
  see.

* Keepalives. Tero made the point that there are
  different situations and we should find out
  what the requirements are for them, likely more
  than one mechanism is necessary.

Jari


Follow-Ups: