From: Matt Blaze <mab@crypto.com>
Date: Tue, 6 Dec 94 19:12:24 PST
To: Alex Strasheim <alex@omaha.com>
Subject: Re: swIPe
In-Reply-To: <199412070044.SAA00308@omaha.omaha.com>
Message-ID: <199412070313.WAA24449@crypto.com>
MIME-Version: 1.0
Content-Type: text/plain



>-----BEGIN PGP SIGNED MESSAGE-----
>
>Has anything been happening with swIPe lately?  I seem to remember reading
>a couple of months ago that the protocol was being revised (simplified?) 
>and that a new RFC was going to be released soon.  What's the status of 
>the project now?
>
>==
>Alex Strasheim | finger astrashe@nyx.cs.du.edu
>alex@omaha.com | for my PGP 2.6.1. public key
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.2
>
>iQCVAwUBLuUFUREpP7+baaPtAQGKGQP/UN7bJfYOHIEdgV9uDnJLbJ00q4J/opLW
>KpDxF+yl4Nhld70YkMQ/xJ9CeGh0mrCNLz/O8nD4KLrJ87RnH2T1fMV6vdegEvxF
>CnDEOyRCSEa3kB3c1mkP5rtvW9PJF6GiqDkbaA86wa2usBkuv63mZjPc4EVLiZwY
>+0xew1PgMQs=
>=oHAW
>-----END PGP SIGNATURE-----

Well, if by swIPe you mean the standards-track IP security protocol,
quite a bit.  I'm not going to the next IETF meeting (perry?, phil?)
but I understand that swIPe and friends have mutated into something
that is very close to becoming an RFC.  Key management is another
story, with no general agreement as to what the requirements even are.
My own feeling is that more experience is needed with network-layer
security in general before the problems and tradeoffs of key managment
in heterogeneous networks will emerge with any clarity.

If you mean swIPe, the protocol described in Ioannidis and Blaze's
draft RFC of last December, not much.  There's an implementation
floating around (I think on the ucb ftp server), but I don't know
of anyone who's actively deploying it outside of closed systems.

Now would is a very good time to play with this stuff, particularly with
an eye toward understanding what the key management requirements are.
Right now the future internet cryptographic security architecture is wide
open, but that window is starting to close.

-matt