[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPng6, SWIPE, ssh, etc.

Stephen D. Williams writes:
> I would like some summary opinions of the state of various efforts to
> enable full IP encryption.  I'm looking for progress reports and hints
> as to which technologies are the closest to being implementable.

The implementation efforts are in full swing. At the last IETF meeting
in Stockholm, Steve Crocker challenged the community to have IPSEC in
place and available in time for the Dallas meeting in December. There
is now a mailing list for those actively working on the implementation
efforts and a good deal of effort is being expended. In fact, I took
off this month more or less so that I could work full time on

> I haven't kept up on IPng6 docs, so succinct pointers would be helpful.

The actual RFCs were submitted to the RFC editor over the last day or
so, so there should be real RFCs to quote shortly. However, for the
moment, check out draft-ietf-ipsec-* in the nearest internet-drafts
depository. ds.internic.net:/internet-drafts/ is probably a reasonable

> One interesting tact might be to start running a dual IPng6/IP stack
> where it learns to tunnel packets over a well-known IP udp/tcp link
> if an address doesn't respond to IPng6.

You don't need to use IPv6 for the security, by the way -- its defined
to work on either. If you want, of course, I'm sure the v6 folks would
love a Linux v6 stack to show up soon...