[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC goes to RFC

To: [email protected]
Subject: Re: IPSEC goes to RFC
From: [email protected] (Stephen D. Williams)
Date: Thu, 10 Aug 1995 12:41:28 -0400 (EDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Perry E. Metzger" at Aug 10, 95 10:52:30 am
Sender: [email protected]


> Adam Shostack writes:
> > | IPSEC is now a Proposed Standard.
> > 
> > | Again, *we need your help*. Cypherpunks write code. Help us make the
> > | internet safe for personal privacy by contributing to this effort.
> > 
> > 	How about posting a list of 'things that need doing?'  I
> > assume one is floating around, possibly even with time estimates?
> 
> The IETF was challenged by Steve Crocker to be ready for use of IPSEC
> for the Dallas meeting in December so that no IETFer who wanted to
> communicate securely with his home site need be insecure.
> 
> To accomplish that, we need to produce versions of the security stack
> for many architectures. Right now, we have AIX and 4.4BSD fairly
> solidly covered. Less well covered is HPUX. People familiar with code

Could we please share snapshots of any code that exists?  Even if it's
for a totally different OS, it's still extremely helpful if we're short
on time.

> like the Trumpet Winsock stack, Linux, or who have access to the

I'm interested in doing/helping with Linux.  I also have access to
an SGI Indy (less well ready to develop though) and HPUX.

> innards of SunOS, Solaris, Windows 95, Mac stacks, and others, and can
> legitimately release implementations for those platforms, are probably
> needed. We need serious commitments from people but of course everyone
> is trying to help everyone else along.
> 
> Basically, if you know how to hack kernels and networking code and you
> have a platform you can work on, we need you.
> 
> We also lack work on the key management end of things -- people who
> can start playing around with implementing Photuris, even on a "toy"
> basis, would probably be of help.
> 
> Perry

Does it make any sense to talk about loopback interface style wedges to
convert OS native IP to IPSEC?  What about a version of inetd that
wraps apps?

(I'm about to read the RFC's, so not sure if those suggestions make sense
yet.)

I really like the idea of using DNS for (public I assume) keys...

sdw
-- 
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) [email protected] http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN       ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95

Follow-Ups:
- Re: IPSEC goes to RFC
  - From: "Perry E. Metzger" <[email protected]>
- Re: IPSEC goes to RFC
  - From: David Neal <[email protected]>
- Re: IPSEC goes to RFC
  - From: [email protected] (Matthew Ghio)

References:
- Re: IPSEC goes to RFC
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: noise pollution, conspiracy theory, Perry's pet peeve
Next by Date: Re: Why DES in IPSEC ESP?
Prev by thread: Re: IPSEC goes to RFC
Next by thread: Re: IPSEC goes to RFC
Index(es):
- Date
- Thread