1995-08-10 - Re: IPSEC goes to RFC

Header Data

From: “Perry E. Metzger” <perry@panix.com>
To: sdw@lig.net (Stephen D. Williams)
Message Hash: 7cc2309707b8fa6101be597f6789b38b56a34d8f4f45e9ba4bcce3bc3107678d
Message ID: <199508101615.MAA11483@panix4.panix.com>
Reply To: <m0sgafh-0009yuC@sdwsys>
UTC Datetime: 1995-08-10 16:16:55 UTC
Raw Date: Thu, 10 Aug 95 09:16:55 PDT

Raw message

From: "Perry E. Metzger" <perry@panix.com>
Date: Thu, 10 Aug 95 09:16:55 PDT
To: sdw@lig.net (Stephen D. Williams)
Subject: Re: IPSEC goes to RFC
In-Reply-To: <m0sgafh-0009yuC@sdwsys>
Message-ID: <199508101615.MAA11483@panix4.panix.com>
MIME-Version: 1.0
Content-Type: text/plain



Stephen D. Williams writes:
> Could we please share snapshots of any code that exists?  Even if it's
> for a totally different OS, it's still extremely helpful if we're short
> on time.

Thats certainly something people expect to do -- I'll begin letting
people at my code in a couple of weeks.

There is a mailing list for IPSEC developers right now -- people who
have read the RFCs and decide to get serious might want to subscribe.

> I'm interested in doing/helping with Linux.  I also have access to
> an SGI Indy (less well ready to develop though) and HPUX.

Kernel sources are important here -- if you don't have kernel sources
IPSEC may be a challenge to put into a kernel...

> Does it make any sense to talk about loopback interface style wedges to
> convert OS native IP to IPSEC?  What about a version of inetd that
> wraps apps?

Steve Bellovin has a summer student who did an interesting wedge on
PCs running packet driver interfaces in which he interposed his stuff
between the stack and the real packet driver. However, this can only
be of use for host-host keying and not user-user which is the real goal.

.pm





Thread