[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Minimum implementation requirement of IPsec

To: <ipsec@lists.tislabs.com>
Subject: Minimum implementation requirement of IPsec
From: Derek Ho <csderek@cs.ust.hk>
Date: Mon, 22 Oct 2001 10:33:34 +0800 (HKT)
Sender: owner-ipsec@lists.tislabs.com

Dear all,

IPsec contains several protocol, such as ESP, AH, IKE. I would like to ask
if I want to implement my own IPsec, which part I should do and which is
not if I want to connect my client to an IPsec server?

Now, I am concentrating on ESP tunnel mode instead of AH because ESP
provides both authentication and encryption. I have read the RFC and it
said that HMAC-MD5, HMAC-SHA1 is the requirement for message
authentication which DES-CBC is the requirement for message encryption.
For my implementation, I have prepared 3DES-EDE too because DES is now
known as not too secure.

For the IKE, I would like to ask should I implement it for the key change?
Can I use the pre-shared key model in IKE for my implemenation?

I apologise if my question is already answered here. I'm new to IPsec and
any comments is welcome!

Best Regards,

Derek

Prev by Date: Re: preshared key in ipv6
Next by Date: Re: preshared key in ipv6
Prev by thread: Re: preshared key in ipv6
Next by thread: I-D ACTION:draft-ietf-ipsec-sctp-02.txt
Index(es):
- Main
- Thread