Re: SKIP Source Release is out!

["Perry E. Metzger" <perry@piermont.com>]

Doug Hughes writes:
> >Tom Markson writes:
> >> Check out http://skip.incog.com.  We've released the source to the SKIP
> >> key management and IP layer encryption package for SunOs 4.x.
> >
> >SKIP is a non-standard being pushed by Sun.
> 
> Correct me if I'm wrong, but isn't sun trying to make it a standard
> (in competetion with Photuris) ?

The IETF has many sorts of standards. It explicitly has a way to
standardize things that the IETF doesn't think are a good idea but
which should have the ability to interoperate if you do them.

My opinion is that it is fairly clear that Photuris is the key
management system people will be using, although it is going to have
to evolve to work with a real network wide certificate database
infrastructure. SKIP isn't going to be the standard.

> Can I also assume that the IPV6 stuff requires pretty extensive kernel
> mods? (Not bad, but a very definite consideration)

IPSEC, SKIP, IPv6, etc., all require kernel mods. You can't help
it. Its part of the IP stack, you know.

BTW, IPv6 uses IPSEC, but IPSEC isn't only for IPv6 -- its also usable
in IPv4. We were careful about how we architected that.

The NRL code implements IPsec for both v4 and for the v6 stack it
comes with. In fact, the NRL code is primarily an IPv6 implementation
-- they just implemented IPSEC as a side effect.

Perry