Received: from relay.tis.com by neptune.TIS.COM id aa17296; 12 Jul 96 12:58 EDT Received: by relay.tis.com; id NAA20934; Fri, 12 Jul 1996 13:00:20 -0400 Received: from sol.tis.com(192.33.112.100) by relay.tis.com via smap (V3.1.1) id xma020913; Fri, 12 Jul 96 12:59:54 -0400 Received: from relay.tis.com by tis.com (4.1/SUN-5.64) id AA06040; Fri, 12 Jul 96 12:59:39 EDT Received: by relay.tis.com; id MAA20902; Fri, 12 Jul 1996 12:59:50 -0400 Received: from puli.cisco.com(171.69.1.174) by relay.tis.com via smap (V3.1.1) id xma020890; Fri, 12 Jul 96 12:59:22 -0400 Received: (rja@localhost) by puli.cisco.com (8.6.12/8.6.5) id KAA28197 for ipsec@tis.com; Fri, 12 Jul 1996 10:01:52 -0700 Date: Fri, 12 Jul 1996 10:01:52 -0700 From: Ran Atkinson Message-Id: <199607121701.KAA28197@puli.cisco.com> To: ipsec@TIS.COM Subject: July/96 IPsec Implementation Status Sender: ipsec-approval@neptune.tis.com Precedence: bulk Hi, Appended below is the current IPsec Implementation Status summary as best I am aware of it. I suspect that there might be additional implementations or updated interoperability information out there that isn't yet reflected in this summary. So I'd like to ask that implementers check their entry and send me any updated information. I expect to reissue this summary with revised/updated data early next week (week of July 15th). Thanks, Ran rja@cisco.com Co-Chair, IPsec WG ---------------------------------------------------------------------- This is the IETF IPsec WG Implementation Status as of 12 July 1996. There are 8 known freely distributable implementations (listed first) and 10 known commercial/proprietary implementations (listed afterwards). Some of the listed implementations are "planned" or "in progress". Not all implementations include all of the IETF IPsec specifications and/or proposals. Claimed interoperability is also listed. Not all implementations have been tested against each other, so not listing interoperability might mean that the implementations were never tested against each other. Paul Lambert Randall Atkinson Co-Chairs of the IP Security WG Internet Engineering Task Force Here is the list of freely distributable IPsec implementations: _______________________________________________________________________ Name of Implementation: x-Kernel IPsec Organisation: Univ. of Arizona, Dept of CS IP versions: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES Key Management: manual, Photuris (draft 8, Elliptical curves) Platforms: x-Kernel (U of AZ's research OS) Lineage of IPsec Code: University of Arizona Lineage of Key Mgmt Code: University of Arizona Location of Source Code: ftp://ftp.cs.arizona.edu/xkernel/ xkernel.v3.2.security.tar.Z Point of Contact: Hilarie Orman Claimed Interoperability: KA9Q NOS (AH MD5, ESP DES), JI (Photuris, AH MD5) _______________________________________________________________________ Name of Implementation: ENskip Organisation: ETH Zurich Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): Partial (SPI == 1 only) ESP (RFC-1825,1827): Partial (SPI == 1 only) AH MD5 (RFC-1828): YES, with 128, 64, & 32 bit keys ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES, ESP-IDEA, ESP-RC4 Key Management: SKIP (draft 6) Platforms: Solaris 2.4+, IRIX (version ??), NetBSD, Nextstep Lineage of IPsec Code: ETH Zurich Lineage of Key Mgmt Code: ETH Zurich Location of Source Code: ftp://ftp.tik.ee.ethz.ch/pub/packages/skip Point of Contact: Claimed Interoperability: Sun SKIP _______________________________________________________________________ Name of Implementation: ISAKMP with Oakley Extensions Key Mgmt Daemon Organisation: cisco Systems Which IP versions are supported: IPv4 and IPv6 Implemented Features: AH (RFC-1825,1826): Not applicable ESP (RFC-1825,1827): Not applicable AH MD5 (RFC-1828): Not applicable ESP DES (RFC-1829): Not applicable Other AH Transforms: Not applicable Other ESP Transforms: Not applicable Key Management: ISAKMP with Oakley Extensions Platforms: Any system with the NRL PF_KEY key management API Lineage of IPsec Code: not applicable Lineage of Key Mgmt Code: cisco Systems Location of Source Code: http://web.mit.edu/network/isakmp/ http://www.cisco.com/public/library/isakmp.html Note: Patent issues have been taken care of by cisco. Point of Contact: Dan Harkins Public Mailing List: Claimed Interoperability: (UK) DRA Malvern's ISAKMP as of ISAKMP draft 4. _______________________________________________________________________ Name of Implementation: ISI/USC Organisation: Information Sciences Institute, USC Which IP versions are supported: IPv4 AH (RFC-1825,1826): YES ESP (RFC-1825,1827): NO AH MD5 (RFC-1828): YES ESP DES (RFC-1829): NO Other AH Transforms: checksum, proprietary Other ESP Transforms: none Key Management: staticly configured Platforms: BSD Lineage of IPsec Code: Both NRL-derived and ISI-developed Lineage of Key Mgmt Code: not applicable Location of Source Code: (expected March 1996) Point of Contact: Joe Touch Claimed Interoperability: _______________________________________________________________________ Name of Implementation: JI's IPsec Organisation: John Ioannidis Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: HMAC MD5 in progress ??? Other ESP Transforms: none Key Management: manual, Photuris (which draft ?) in progress, PF_ENCAP keying interface, PF_ROUTE extensions Platforms: BSD/OS 2.0 Lineage of IPsec Code: JI Lineage of Key Mgmt Code: Angelos ?? Location of Source Code: (??) ftp://ftp.ripe.net/ Point of Contact: John Ioannidis Claimed Interoperability: _______________________________________________________________________ Name of Implementation: KA9Q NOS Organisation: Phil Karn Which IP versions are supported: IPv4 AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES Key Management: manual Platforms: DOS with KA9Q NOS Lineage of IPsec Code: Phil Karn Lineage of Key Mgmt Code: not applicable Location of Source Code: (available soon) Point of Contact: Phil Karn Claimed Interoperability: _______________________________________________________________________ Name of Implementation: NIST/NSA IPSEC Prototype Organisation: NIST & NSA Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: AH-HMAC-SHA, AH-HMAC-MD5 Other ESP Transforms: Key Management: manual, PF_SADB interface Platforms: BSD/OS, NetBSD, FreeBSD, DTOS Lineage of IPsec Code: NIST & NSA Lineage of Key Mgmt Code: NIST & NSA Location of Source Code: (US-only expected March 1996) Point of Contact: Rob Glenn, Rob.Glenn@nist.gov, Michael Oehler, mjo@tycho.ncsc.mil, (301) 688-0849 Claimed Interoperability: TBD ________________________________________________________________________ Name of Implementation: NRL IPv6/IPsec Software Distribution Organisation: Naval Research Laboratory (NRL) Which IP versions are supported: IPv4 and IPv6 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: AH-HMAC-MD5, AH-HMAC-SHA Other ESP Transforms: DES-CBC-MD5-Replay is planned. Key Management: manual, PF_KEY Key Management API, includes cisco's ISAKMP+Oakley daemon. Platforms: any 4.4-Lite BSDish system, NetBSD, BSDI, 4.4 BSD Lineage of IPsec Code: NRL, with some AH transforms contributed by NIST Lineage of Key Mgmt Code: cisco Systems Location of Source Code: US: ftp://ftp.c2.org (see file "pub/README.US-only") US: http://web.mit.edu/network/isakmp US/Canada: http://www.cisco.com/public/library/ipsec.html Europe: ftp://ftp.ripe.net/ipv6/nrl/ Point of Contact: Claimed Interoperability: (all are for ESP DES, AH MD5) Ascend, V-One, TIS, IBM, KA9Q, & NRL-derived implementations _______________________________________________________________________ Name of Implementation: Sun SKIP Organisation: Sun Microsystems' Internet Commerce Group (Sun ICG) Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): in progress ESP (RFC-1825,1827): in progress AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES Key Management: SKIP Platforms: SunOS 4.1.x Lineage of IPsec Code: Sun ICG Lineage of Key Mgmt Code: Sun ICG Location of Source Code: http://skip.incog.com Point of Contact: Tom Markson Claimed Interoperability: ETH Zurich's EnSKIP, Elvis SKIP Here is the list of commercial/proprietary IETF IPsec implementations: ________________________________________________________________________ Name of Implementation: AccessSecure Organisation: Ascend Communications Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES, with variable length keys ESP DES (RFC-1829): YES, 32-bit or 64-bit IV Other AH Transforms: none Other ESP Transforms: none Key Management: manual Platforms: Ascend Pipeline and Max routers Lineage of IPsec Code: Ascend (was MorningStar) Lineage of Key Mgmt Code: not applicable Location of Source Code: proprietary Point of Contact: Karl Fox Claimed Interoperability: NRL, Checkpoint, IBM, NIST, Raptor, Secure Computing, SOS, TimeStep, TIS, Gemini, KA9Q NOS _______________________________________________________________________ Name of Implementation: ERP IPSEC Organisation: Bellcore Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES, with 128, 64, & 32 bit keys ESP DES (RFC-1829): YES Other implemented AH transforms: none Other implemented ESP transforms: none Key Management: manual Platforms: ??? Lineage of IPsec Code: ??? Lineage of Key Mgmt Code: not applicable Location of Source Code: proprietary Point of Contact: Antonio Fernandez Claimed Interoperability: _______________________________________________________________________ Name of Implementation: cisco IOS (TM) Organisation: cisco Systems Which IP versions are supported: IPv4 & IPv6 in progress Implemented Features: AH (RFC-1825,1826): In Progress ESP (RFC-1825,1827): In Progress AH MD5 (RFC-1828): In Progress ESP DES (RFC-1829): In Progress Other implemented AH transforms: AH-HMAC-MD5 & AH-HMAC-SHA in progress. Other implemented ESP transforms: ESP-DES-MD5-Replay in progress, proprietary DES transform. Key Management: proprietary now; ISAKMP+Oakley in progress Platforms: cisco Lineage of IPsec Code: cisco Systems Lineage of Key Mgmt Code: cisco Systems Location of Source Code: proprietary Point of Contact: Cheryl Madson Claimed Interoperability: TBA ________________________________________________________________________ Name of Implementation: OnNet Organisation: ftp Software Which IP versions are supported: IPv4 now, IPv6 planned Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: none Key Management: manual now; ISAKMP+Oakley is planned. Platforms: Windows95, Windows 3.11 Lineage of IPsec Code: FTP Software; referenced but didn't port the NRL software. Lineage of Key Mgmt Code: FTP Software; referenced but didn't port the NRL software. Plan to port cisco's ISAKMP+Oakley code. Location of Source Code: proprietary Point of Contact: Naganand Doraswamy Claimed Interoperability: Raptor, SCC, IBM, & TIS now; testing with NRL is in progress. _______________________________________________________________________ Name of Implementation: Trusted Security Firewall-Guard (GTFW-GD) Organisation: Gemini Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: AH-SHA, proprietary Other ESP Transforms: none Key Management: manual, proprietary Platforms: Gemini Trusted Firewall-Guard Lineage of IPsec Code: Gemini Lineage of Key Mgmt Code: Gemini Location of Source Code: Proprietary Point of Contact: Dr. Tien F. Tao Claimed Interoperability: IBM SNG, MorningStar, NIST, Raptor Systems, SCC, SOS, TIS _______________________________________________________________________ Name of Implementation: IBM SNG Organisation: IBM Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES, both 32-bit & 64-bit IV Other AH Transforms: HMAC MD5 Other ESP Transforms: none Key Management: manual, proprietary Platforms: IBM AIX Lineage of IPsec Code: IBM Lineage of Key Mgmt Code: IBM Location of Source Code: proprietary Point of Contact: Claimed Interoperability: For ESP-DES & AH-MD5: NRL, JI, KA9Q, NIST, TIS, Checkpoint, SOS, Gemini, MorningStar, Raptor, SCC, TimeStep For ESP-DES & HMAC MD5: NIST, Raptor _______________________________________________________________________ Name of Implementation: SafeNet Organisation: Information Resources Engineering, Inc. Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): Planned ESP (RFC-1825,1827): In Progress AH MD5 (RFC-1828): Planned ESP DES (RFC-1829): In Progress Other AH Transforms: none Other ESP Transforms: DES-Counter-ANSI-X9.9 Key Management: SKIP in progress; various ANSI in progress Platforms: V.34 modem, IP over PPP, Ethernet Lineage of IPsec Code: Information Resources Engineering Lineage of Key Mgmt Code: Information Resources Engineering Location of Source Code: proprietary Point of Contact: Claimed Interoperability: TBA _______________________________________________________________________ Name of Implementation: BorderGuard and Security Router Organisation: Network Systems Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): TBD ESP (RFC-1825,1827): In Progress AH MD5 (RFC-1828): TBD ESP DES (RFC-1829): TBD Other AH Transforms: none Other ESP Transforms: ESP-DES-MD5-Replay in progress Key Management: manual, proprietary D-H are done now. ISAKMP+Oakley is in progress. Platforms: Network Systems routers Lineage of IPsec Code: Network Systems Lineage of Key Mgmt Code: Network Systems Location of Source Code: proprietary Point of Contact: Ted Doty Claimed Interoperability: TBD _______________________________________________________________________ Name of Implementation: Eagle Organisation: Raptor Systems Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: AH-HMAC-MD5 Other ESP Transforms: DES-CBC-MD5-Replay is planned Key Management: manual, proprietary Platforms: Raptor Eagle Firewall Lineage of IPsec Code: Raptor Lineage of Key Mgmt Code: proprietary Location of Source Code: proprietary Point of Contact: Jeff Kraemer Claimed Interoperability: FTP Software, IBM SNG, MorningStar, NIST, Secure Computing, SOS, TimeStep, TIS, Gemini ______________________________________________________________________ Name of Implementation: Sidewinder Firewall Organisation: Secure Computing Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: none Key Management: manual Platforms: Sidewinder Firewall Lineage of IPsec Code: ??? Lineage of Key Mgmt Code: not applicable Location of Source Code: proprietary Point of Contact: Troy de Jongh (dejongh@sctc.com) Claimed Interoperability: _______________________________________________________________________ Name of Implementation: PERMIT Organisation: TimeStep Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: none Key Management: manual, proprietary Platforms: TimeStep Lineage of IPsec Code: ??? Lineage of Key Mgmt Code: TimeStep ??? Location of Source Code: proprietary Point of Contact: Stephane Lacelle Claimed Interoperability: _______________________________________________________________________ Name of Implementation: TIS Gauntlet Organisation: Trusted Information Systems Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES Key Management: manual, proprietary Platforms: TIS Gauntlet Lineage of IPsec Code: NRL-derived Lineage of Key Mgmt Code: TIS ??? Location of Source Code: proprietary Point of Contact: Rick Murphy, rick@tis.com Claimed Interoperability: NRL _______________________________________________________________________ Name of Implementation: V-ONE SmartWall Organisation: V-One Which IP versions are supported: IPv4 Implemented Features: AH (RFC-1825,1826): YES ESP (RFC-1825,1827): YES AH MD5 (RFC-1828): YES ESP DES (RFC-1829): YES Other AH Transforms: none Other ESP Transforms: ESP-3DES, RC4, stream DES Key Management: manual, proprietary Platforms: V-ONE SmartWall Lineage of IPsec Code: NRL-derived Lineage of Key Mgmt Code: V-One ??? Location of Source Code: proprietary Point of Contact: Jason Wang Claimed Interoperability: NRL ______________________________________________________________________