Survey Responses as of 27 March 1997 (Rev 3)
-----------------------
Name of Implementation : Solaris 2.x
Version Described : Solaris IPv6 prototype
Organization : Sun -- Solaris Internet Engineering
Which IP versions are
supported : IPv6, maybe IPv4 too.
Implements RFC-1828
AH MD5 : No
Implements RFC-1829
ESP DES-CBC : No
Implements AH HMAC MD5 : In Progress
Implements AH HMAC SHA-1: Unsure.
Implements Combined ESP
(DES+MD5+Replay, etc) : Planned support for all algorithm combinations.
Replay also planned.
Other AH Implemented
Transforms : Waiting for drafts.
Other ESP Implemented
Transforms : Waiting for drafts (probably 3DES).
Transport mode : There's no real difference in our implementation.
Tunnel mode : VPN support is planned, end-to-end is in progress.
Key Management : Manual in progress (PF_KEYv2), ISAKMP/Oakley
planned.
Platforms : Solaris 2.x
Lineage of IPsec Code : Homegrown, with inspiration from NRL
Lineage of Key Mgmt Code: Probably cisco
Location of Source Code : Proprietary
POINTS of Contact : danmcd@eng.sun.com
Claimed Interoperability: AH HMAC-MD5 success with NRL.
-----------------------
Name of Implementation : JI/Angelos
Version Described : whatever
Organization : whatever
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : DES+MD5+REPLAY+OptIV
Other AH Implemented
Transforms : AH-SHA1 planned
Other ESP Implemented
Transforms : ESP-3DES planned
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, maybe Photuris
Platforms : NetBSD, OpenBSD, BSD/OS, maybe FreeBSD
Lineage of IPsec Code : JI/Angelos
Lineage of Key Mgmt Code: JI/Angelos
Location of Source Code : ftp://ftp.funet.fi/pub/unix/security/net/ip/BSDipsed.tar.gz
POINTS of Contact : angelos@dsl.cis.upenn.edu, ji@tla.org
Claimed Interoperability: NRL, IBM, Karn, MorningStar, UoArizona (all in Dallas
'95), JI-Linux
-----------------------
Name of Implementation : IPSec Developer's Toolkit
Version Described : 1.0
Organization : TimeStep Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES; latest
Implements AH HMAC SHA-1: YES; latest
Implements Combined ESP
(DES+MD5+Replay, etc) : DES+MD5+Replay; YES; latest
3DES+MD5+Replay; latest
Other AH Implemented
Transforms : AH Keyed SHA
Other ESP Implemented
Transforms : DES+SHA+Replay; YES
3DES+SHA+Replay;
RC5+MD5+Replay;
RC5+SHA+Replay;
Transport mode : YES
Tunnel mode : YES
Key Management : ISAKMP+Oakley
Platforms :
Lineage of IPsec Code :
Lineage of Key Mgmt Code:
Location of Source Code : "proprietary"
POINTS of Contact : Roy Pereira, rpereira@timestep.com,
+1-613-599-3610x4808, fax=+1-613-599-3617
Claimed Interoperability: Entrust ISAKMP, FTP, Cisco
-----------------------
Name of Implementation : Livingston ComOS
Version Described : unreleased
Organization : Livingston Enterprises
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : In Progress
Implements AH HMAC SHA-1: In Progress
Implements Combined ESP
(DES+MD5+Replay, etc) : Planned
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : NO
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley (in progress)
Platforms : Livingston Routers and Access Servers
Lineage of IPsec Code : Livingston
Lineage of Key Mgmt Code: Livingston
Location of Source Code : proprietary
POINTS of Contact : hoodr@livingston.com
Claimed Interoperability: none tested yet
-----------------------
Name of Implementation : Firewall-1
Version Described : 3.0
Organization : Check Point Software Technologies
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : In Progress
Implements AH HMAC SHA-1: In Progress
Implements Combined ESP
(DES+MD5+Replay, etc) : Any combination of MD5/SHA-1 with DES/3DES with
replay (in progress)
Other AH Implemented
Transforms : RFC-1852
Other ESP Implemented
Transforms : NO
Transport mode : NO
Tunnel mode : YES
Key Management : Manual, SKIP: YES
ISAKMP+Oakley: In Progress
Platforms : NT 3.51, NT 4.0, Solaris, SunOS 4, HP-ux 9 and 10.
Lineage of IPsec Code : Check Point
Lineage of Key Mgmt Code: Check Point
Location of Source Code : proprietary
POINTS of Contact : roy@checkpoint.com
Claimed Interoperability: IPSEC: S/WAN interoperability with IBM,
MorningStar, TIS, ...
SKIP: ETH, SUN, Toshiba
ISAKMP: FTP
-----------------------
Name of Implementation : S/WAN Linux IPSEC
VERSION DESCRIBED : Release 0.4 of 15 Jan 1997 (ipsec-0.4.tar.gz)
Organisation: Electronic Frontier Foundation
Name of Implementation : JI's IPSEC Implementation
Version Described : 0.4
Organization : John Ioannidis
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES; draft-ietf-ipsec-ah-hmac-md5-04.txt
Implements AH HMAC SHA-1: YES; draft-ietf-ipsec-ah-hmac-sha-04.txt
Implements Combined ESP
(DES+MD5+Replay, etc) : MD5+DES+Replay, MD5+3DES+Replay;
draft-ietf-ipsec-esp-des-md5-03.txt,
draft-ietf-ipsec-esp-3des-md5-00.txt
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : In Progress for Linux; YES for NetBSD/BSDI
Tunnel mode : YES
Key Management : Manual (NETLINK interface for Linux; PF_ENCAP
interface for NetBSD/BSDI)
Platforms : LINUX 2.0.28, 2.1.29 by 4/97; NetBSD-current;
BSD/OS 2.0
Lineage of IPsec Code : JI, original BSDI code 12/95,
re-written for Linux,
combined and ported to NetBSD by Angelos Keromytis.
Lineage of Key Mgmt Code: JI's PF_ENCAP, rewrite for Linux NETLINK.
Location of Source Code : ftp://ftp.funet.fi/pub/unix/security/net/ip/
POINTS of Contact : Web: http://www.cygnus.com/~gnu/swan.html
Discussion: linux-ipsec@clinet.fi
(subscribe via majordomo@clinet.fi)
Technical Leader: John Ioannidis
Project Leader: John Gilmore
Claimed Interoperability: RFC 1828 and 1829 transforms interoperate with my
BSDI code, tested in the December 95 IETF. The rest
of the transforms interoperate with Angelos
Keromytis' port to NetBSD of my code.
All this code has been written entirely in Greece; it contains no swIPe code
(BTW, I wish people would stop asking me for ports of swIPe; it served its
purpose, now let it rest in peace). The original BSDI code shown at the
December 95 IETF (Dallas) was never released. The Linux code is almost a
complete rewrite. Angelos Keromytis took the old BSDI code, adapted it for
NetBSD, and put in the new transforms so it interoperates with the Linux code.
The NetBSD code is not likely to evolve unless someone else picks it up. Some
of the original BSDI code is also distributed with the NetBSD code; it should
be a couple of days' work to back-patch it so the new transforms also work.
The Linux code is what is supported, and what I actively seek feedback on.
/ji
-----------------------
Name of Implementation : IPsec
: ISAKMPv6 - ISAKMP/Oakley Resolutionv2
Organization : Defence Research Agency - UK
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements
AH HMAC MD5 : YES
Implements
AH HMAC SHA-1 : YES
Implements Combined ESP
(DES+MD5+Replay, etc) : Planned
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : YES
Tunnel mode : YES
Key Management : Manual && ISAKMP+Oakley
Platforms : Solaris
Lineage of IPsec Code : Modified ETHZ
Lineage of Key Mgmt Code : DRA
Location of Source Code : Not available as yet,
should be available ~ August
POINTS of Contact : ISAKMP - weaver@hydra.dra.hmg.gb
: IPsec - pbt@hydra.dra.hmg.gb
Claimed Interoperability : ISAKMPv6 - none as yet
: IPsec - none as yet
-----------------------
Name of Implementation : Network CryptoGate (NCG)
Version Described : 1.0
Organization : Toshiba Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : In Progress; RFC2085
Implements AH HMAC SHA-1: In Progress, draft 4
Implements Combined ESP
(DES+MD5+Replay, etc) : MD5+DES+Replay: In Progress; draft 3
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : YES (ESP-3DES)
Transport mode : NO
Tunnel mode : YES
Key Management : Manual, SKIP
Platforms : BSD/OS
Lineage of IPsec Code : Toshiba
Lineage of Key Mgmt Code: Toshiba
Location of Source Code : "proprietary"
POINTS of Contact : Atsushi Inoue
inoue@isl.rdc.toshiba.co.jp
+81-44-549-2238 (phone)
+81-44-520-1806 (fax)
Claimed Interoperability: SUN-SKIP, Checkpoint, Elvis+, ETH, Gemini
-----------------------
Name of Implementation: NE-Secure
Organisation: Cabletron/Network Express
Which IP versions are supported: IPv4
Implements RFC-1825 & RFC-1826 AH: In Progress
Implements RFC-1825 & RFC-1827 ESP: YES
Implements RFC-1828 AH MD5: In Progress
Implements RFC-1829 ESP DES-CBC: YES
Implements AH HMAC MD5: NO
Implements AH HMAC SHA-1: NO
Implements Combined ESP (DES+MD5+Replay): Planned
Other AH Implemented Transforms: none
Other ESP Implemented Transforms: proprietary (FEAL-32 CBC)
Key Management: manual, proprietary
Platforms: Cyberswitch
Lineage of IPsec Code: Cabletron/Network Express
Lineage of Key Mgmt Code: Cabletron/Network Express
Location of Source Code: proprietary
Point of Contact: Bill Whelan - bwhelan@nei.com (313) 761-5005
Rick Pluth - rpluth@nei.com "
Claimed Interoperability: NIST
-----------------------
Name of Implementation: cisco IOS (TM)
Organisation: cisco Systems
Which IP versions are supported: IPv4 & IPv6 in progress
Implemented Features:
AH (RFC-1825,1826): yes
ESP (RFC-1825,1827): yes
AH MD5 (RFC-1828): yes
ESP DES (RFC-1829): yes
Other implemented AH transforms: AH-HMAC-MD5 & AH-HMAC-SHA
Other implemented ESP transforms: ESP-DES-MD5-Replay
Key Management: ISAKMP+Oakley (v6 and v2, v7 and v3 in progress)
Platforms: cisco
Lineage of IPsec Code: cisco Systems
Lineage of Key Mgmt Code: cisco Systems
Location of Source Code: proprietary
Point of Contact: Cheryl Madson
-----------------------
Name of Implementation : IPSEC for FreeBSD
Version Described : 1.0
Organization : Portland State University
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : None
Other AH Implemented
Transforms : None
Other ESP Implemented
Transforms : None
Transport mode : YES
Tunnel mode : YES
Key Management : Manual
Platforms : FreeBSD 2.1.0R
Lineage of IPsec Code : NRL IPSEC distributed January 1996
Lineage of Key Mgmt Code: n/a
Location of Source Code :
ftp://zymurgy.cs.pdx.edu/pub/freebsd-ipsec/freebsd.ipsec.tar.gz
-OR-
http://www.cs.pdx.edu/research/SMN/ look under "PSU IPSEC/FreeBSD port"
POINTS of Contact : Jim Binkley
David Reeder
Bill Trost
mailing list: freebsd-ipsec@cs.pdx.edu
Claimed Interoperability: Unknown.