[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC goes to RFC



> Adam Shostack writes:
> > | IPSEC is now a Proposed Standard.
> > 
> > | Again, *we need your help*. Cypherpunks write code. Help us make the
> > | internet safe for personal privacy by contributing to this effort.
> > 
> > 	How about posting a list of 'things that need doing?'  I
> > assume one is floating around, possibly even with time estimates?
> 
> The IETF was challenged by Steve Crocker to be ready for use of IPSEC
> for the Dallas meeting in December so that no IETFer who wanted to
> communicate securely with his home site need be insecure.
> 
> To accomplish that, we need to produce versions of the security stack
> for many architectures. Right now, we have AIX and 4.4BSD fairly
> solidly covered. Less well covered is HPUX. People familiar with code

Could we please share snapshots of any code that exists?  Even if it's
for a totally different OS, it's still extremely helpful if we're short
on time.

> like the Trumpet Winsock stack, Linux, or who have access to the

I'm interested in doing/helping with Linux.  I also have access to
an SGI Indy (less well ready to develop though) and HPUX.

> innards of SunOS, Solaris, Windows 95, Mac stacks, and others, and can
> legitimately release implementations for those platforms, are probably
> needed. We need serious commitments from people but of course everyone
> is trying to help everyone else along.
> 
> Basically, if you know how to hack kernels and networking code and you
> have a platform you can work on, we need you.
> 
> We also lack work on the key management end of things -- people who
> can start playing around with implementing Photuris, even on a "toy"
> basis, would probably be of help.
> 
> Perry

Does it make any sense to talk about loopback interface style wedges to
convert OS native IP to IPSEC?  What about a version of inetd that
wraps apps?

(I'm about to read the RFC's, so not sure if those suggestions make sense
yet.)

I really like the idea of using DNS for (public I assume) keys...

sdw
-- 
Stephen D. Williams 25Feb1965 VW,OH (FBI ID) [email protected] http://www.lig.net/sdw
Consultant, Vienna,VA Mar95- 703-918-1491W 43392 Wayside Cir.,Ashburn, VA 22011
OO/Unix/Comm/NN       ICBM/GPS: 39 02 37N, 77 29 16W home, 38 54 04N, 77 15 56W
Pres.: Concinnous Consulting,Inc.;SDW Systems;Local Internet Gateway Co.;28May95