
List:       firewalls-gc
Subject:    Re: swIPe abstract (was Re: raptor encryption)
From:       Michael Richardson <mcr () sandelman ! ottawa ! on ! ca>
Date:       1997-07-21 12:36:07


-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "mikech" == mikech  <mikech@avana.net> writes:
    mikech> implementations), I can tell you that the biggest hurdle
    mikech> is its lack of an "accepted" key exchange
    mikech> mechanism. Currently we are using a sneakernet, S/MIME or

  I don't know where you have been for the past year, but the accepted
KMP is ISAKMP with Oakley. Not the best, not the easiest, and most
definitely not the one we will use in ten years (I hope), but
nevertheless the standard one.
  At least ten vendors interoperated using ISAKMP, and the
Kent/Sao/Madson ESP transform document in early June in Detroit. That
included two Israeli vendors (who can only ship DES to North America),
and the Linux FreeSWAN project, and DataFellows.

    mikech> PGP manual exchange mechanism for keys. Both SKIP and
    mikech> Photuris are still at the development stage and are not
    mikech> cross compatible.

  Holy timewarp mail, Batman.

    mikech> *Our* problem is that once you get into automated key
    mikech> exchanges you are talking public key crypto and royalties
    mikech> out the ying-yang. DES/3DES and MD5 can be used royalty

  Well, the Diffie-Hellman patent expires this September. If you are
satisfied to use DSA to sign your DH ephemeral exponents for ISAKMP,
then you can build ISAKMP royalty free. Elliptic curve public keying
algorithms are another route.

    mikech> ;-) At least IBM granted the use of its IKMP protocol for
    mikech> free in Photuris implementations (RFC 1822).

  Photuris, while not mandatory standards track, is now seeing some
movement again.

    mikech> Until you can automatically swap keys, change them
    mikech> mid-session, and work with any combination Firewall/OS,

  Did that, been there.

] It isn't that sun never sets; rather dawn and dusk are united | one quark   [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    | two quark   [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [



-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBM9MtfcmxxiPyUBAxAQEIIwMAuEyYSB9uBXMvJe6qaa4gPzeuKcufz0aK
bZPF+02Z/0fgAQLKpryybwyYmGf8DuNtOOG8OE2lkDSv4ute/tYIwMUB1UhU0gru
EPAGDimTFKj7itgG7609Kr6uhk296gTi
=f0Ev
-----END PGP SIGNATURE-----
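The reply's point that DSA-signed ephemeral Diffie-Hellman exponents are enough to build an authenticated key exchange is worth seeing in code. The block below is an added example, not code from the list post, from ISAKMP/Oakley or from any of the vendors named; it uses a single constructed DSA-style group (toy 256-bit p, 160-bit q) both for the DSA long-term signing keys and for the ephemeral DH values, signs each side's public value with its long-term key, and has the peer check subgroup membership and the signature before deriving the shared secret. The wire format, the nonces and the hash construction of the real protocol are not modelled; `signed_value`, `run_signed_dh` and the `tamper` switch are assumptions made for the illustration.

```python
"""Toy signed ephemeral Diffie-Hellman with DSA (constructed example).
Each side signs its ephemeral DH public value with a long-term DSA key;
the peer verifies the signature (and subgroup membership) before deriving
the shared secret.  Parameter sizes are deliberately small toy values."""
import hashlib
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin probable-prime test (trial division first)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(p_bits=256, q_bits=160):
    """DSA-style group: prime p, prime q dividing p-1, generator g of order q.
    The same group is used for the signatures and for the DH exchange."""
    while True:
        q = secrets.randbits(q_bits) | (1 << (q_bits - 1)) | 1
        if not is_probable_prime(q):
            continue
        for _ in range(8192):
            k = secrets.randbits(p_bits - q_bits) & ~1      # even k -> odd p
            p = k * q + 1
            if p.bit_length() != p_bits or not is_probable_prime(p):
                continue
            for h in range(2, 100):
                g = pow(h, (p - 1) // q, p)
                if g != 1:
                    return p, q, g


def hash_to_int(msg, q):
    """SHA-256 of msg, truncated to the bit length of q (FIPS 186 style)."""
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    excess = 256 - q.bit_length()
    return z >> excess if excess > 0 else z


def dsa_keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1            # private key
    return x, pow(g, x, p)                       # (x, y)


def dsa_sign(params, x, msg):
    p, q, g = params
    z = hash_to_int(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1         # fresh per-signature nonce
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:
            return r, s


def dsa_verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    z = hash_to_int(msg, q)
    u1, u2 = (z * w) % q, (r * w) % q
    return ((pow(g, u1, p) * pow(y, u2, p)) % p) % q == r


def dh_ephemeral(params):
    p, q, g = params
    a = secrets.randbelow(q - 1) + 1             # ephemeral exponent
    return a, pow(g, a, p)


def dh_public_ok(params, Y):
    """Reject small-subgroup / out-of-range values before using them."""
    p, q, g = params
    return 1 < Y < p and pow(Y, q, p) == 1


def signed_value(Y, label):
    """Bytes covered by the signature: direction label plus the public value."""
    return label + Y.to_bytes((Y.bit_length() + 7) // 8, "big")


def run_signed_dh(params, tamper=False):
    """One A<->B exchange; with tamper=True a constructed interloper replaces
    A's public value on the wire, so B's signature check must fail."""
    p, q, g = params
    xa, ya = dsa_keygen(params)                  # long-term keys, assumed
    xb, yb = dsa_keygen(params)                  # pre-distributed out of band
    a, A = dh_ephemeral(params)
    b, B = dh_ephemeral(params)
    sig_a = dsa_sign(params, xa, signed_value(A, b"A->B"))
    sig_b = dsa_sign(params, xb, signed_value(B, b"B->A"))
    A_recv = dh_ephemeral(params)[1] if tamper else A
    b_accepts = dh_public_ok(params, A_recv) and dsa_verify(
        params, ya, signed_value(A_recv, b"A->B"), sig_a)
    a_accepts = dh_public_ok(params, B) and dsa_verify(
        params, yb, signed_value(B, b"B->A"), sig_b)
    return {"a_accepts": a_accepts, "b_accepts": b_accepts,
            "shared_match": pow(B, a, p) == pow(A_recv, b, p)}


if __name__ == "__main__":
    P = gen_params()
    print(run_signed_dh(P))                # all True
    print(run_signed_dh(P, tamper=True))   # b_accepts and shared_match False
```

The substitution case is the reason the exponents are signed at all: plain DH gives both ends a matching secret with whoever is actually on the wire, and only the long-term signature ties the ephemeral value to a known peer. A real deployment would cover nonces and the negotiated attributes in the signed data and use standard-sized groups.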
