Survey Responses as of 17 October 1997 (Rev 4)
------------------------
Name of Implementation : "hydrangea" WIDE project IPv6/IPsec package
Version Described : as of oct97
Organization : WIDE project
Which IP versions are
supported : IPv4 and IPv6
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : YES/DES explicit+MD5+Replay, DES implicit+MD5+Replay
Other AH Implemented
Transforms : Planned
Other ESP Implemented
Transforms : In Progress/blowfish, cast128
Transport mode : YES
Tunnel mode : Planned
Key Management : YES/Manual, Planned/ISAKMP+Oakley, Photuris
Platforms : FreeBSD 2.2.2-RELEASE(4.4-Lite BSD)
BSDI BSD/OS 3.0(4.4-Lite BSD)
Planned/NetBSD
Lineage of IPsec Code : WIDE project
Lineage of Key Mgmt Code: NRL -> FreeBSD 2.2 -> massive fixes
Key Mgmt Features : -
Location of Source Code : currently in beta test, public release starts soon
ftp://ftp.aist-nara.ac.jp/pub/IPv6/hydrangea
ftp://ftp.itojun.org/pub/ipv6/
POINTS of Contact : itojun@itojun.org, kazu@is.aist-nara.ac.jp
Claimed Interoperability: Most Japanese implementations:
Hitachi, Toshiba, Yamaha, Yokogawa, IIJ, etc.
------------------------
Name of Implementation : Novell BorderManager
Version Described : version 1.5 and up
Organization : Novell, Inc.
Which IP versions are
supported : IPv4, IPv6 (future)
Implements RFC-1828
AH MD5 : YES
Implements RFC-1852
AH SHA (Keyed) : YES
Implements RFC-1829
ESP DES-CBC : YES (with explicit IV)
Implements RFC-1851
(3DES-CBC) : YES (with explicit IV)
Implements AH HMAC MD5 : YES (RFC-2085 with optional 32-bit replay
counter)
Implements AH HMAC SHA-1: YES (draft-ietf-ipsec-ah-hmac-sha-01.txt with
optional 32-bit replay counter)
Implements Combined ESP
(DES+MD5+Replay, etc) : YES (MD5+DES+Replay,
draft-ietf-ipsec-esp-des-md5-03.txt)
Other AH Implemented
Transforms : new AH (in progress)
Other ESP Implemented
Transforms : RC2-CBC, RC5-CBC
: new ESP (in progress)
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley, SKIP
Platforms : NetWare/IntranetWare
Lineage of IPsec Code : Referenced NRL
Lineage of Key Mgmt Code: Referenced Cisco
Key Mgmt Features : Shared secret, Certificates: DNSSEC, X.509(in progress)
Location of Source Code : Proprietary
POINTS of Contact : cj_lee@novell.com, benny_so@novell.com
Claimed Interoperability: Testing in progress
------------------------
Name of Implementation : e-Lock VPN (Proposed name)
Version Described : 0.2
Organization : Frontier Technologies Corp.
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES, Transport mode, Tunnel mode in progress,
Explicit IV supported
Implements RFC-1829
ESP DES-CBC : YES, Tunnel mode, Transport mode partial in progress
Implements AH HMAC MD5 : YES, Transport mode, augmented RFC1828, 2085
Implements AH HMAC SHA-1: YES, Not tested yet
Implements Combined ESP
(DES+MD5+Replay, etc) : Partial, Replay+DES, MD5+DES+Replay,
SHA-1+DES+Replay in progress
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : YES, Proprietary
Transport mode : NO
Tunnel mode : NO
Key Management : Manual, ISAKMP+Oakley in Progress
Platforms : Windows NT 4.0, Win95 in progress, Win98 in progress,
Win NT 3.51 in progress
Lineage of IPsec Code : Own Design, used many different reference models
Lineage of Key Mgmt Code: Cisco
Key Mgmt Features :
Location of Source Code : proprietary
POINTS of Contact : John@FrontierTech.com, 414-241-4555x215, Management
LawrenceT@FrontierTech.com, 414-241-4555, Project Lead
GlenJ@FrontierTech.com, 414-241-4555 x272, QA
Yes we are interested in doing over-the-Internet Testing
Claimed Interoperability: Tested at ANX in September 1997
(ESP-DES w/o auth, AH HMAC-MD5)
IBM, Cisco, TIS, HP, RedCreek,
Isolation Systems, CyLAN, Mentat, Secure Computing
------------------------
Name of Implementation : Secure VPN/ NetBuilder
Version Described : N/A
Organization : 3 COM, Enterprise WAN division
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : In progress
Implements RFC-1829
ESP DES-CBC : Yes
Implements AH HMAC MD5 : In progress
Implements AH HMAC SHA-1: In progress
Implements Combined ESP
(DES+MD5+Replay, etc) : In progress
Other AH Implemented
Transforms :
Other ESP Implemented
Transforms :
Transport mode : Yes
Tunnel mode : Planned
Key Management : Manual. ISAKMP/Oakley in progress.
Platforms : NetBuilder
Lineage of IPsec Code : 3COM
Lineage of Key Mgmt Code: 3COM
Key Mgmt Features : Shared secret & Certs
Location of Source Code : Proprietary.
POINTS of Contact : James Lin (phone 408-764-6423, fax 408-764-5002,
james_lin@3com.com)
Claimed Interoperability: In progress
------------------------
Name of Implementation : PERMIT/Gate
Version Described :
Organization : TimeStep Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : NO, partial
Implements RFC-1829
ESP DES-CBC : NO, partial - explicit IV
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : All combinations Supported
Other AH Implemented
Transforms : There aren't any more to be
implemented ;-)
Other ESP Implemented : 3DES, CAST, RC5, IDEA, Blowfish,
Transforms : YES
Transport mode : YES
Tunnel mode : YES
Key Management : ISAKMP+Oakley, Manual
Platforms : Embedded
Lineage of IPsec Code : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt
Code : TimeStep IPSec Developer's Toolkit
Key Mgmt Features : X.509 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
Raptor, CheckPoint, SSH, IBM, HP, IRE
------------------------
Name of Implementation : PERMIT/Client
Version Described : 1.0
Organization : TimeStep Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : NO, partial
Implements RFC-1829
ESP DES-CBC : NO, partial - explicit IV
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : All combinations Supported
Other AH Implemented
Transforms : There aren't any more to be
implemented ;-)
Other ESP Implemented : 3DES, CAST, RC5, IDEA, Blowfish,
Transforms : YES
Transport mode : YES
Tunnel mode : YES
Key Management : ISAKMP+Oakley, Manual
Platforms : Windows NT 4.0, Windows 95, Macintosh
Lineage of IPsec Code : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt Code: TimeStep IPSec Developer's Toolkit
Key Mgmt Features : X.509 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
Raptor, CheckPoint, SSH, IBM, HP, IRE
------------------------
Name of Implementation : TimeStep IPSec Developer's Toolkit
Version Described : 1.0
Organization : TimeStep Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES - explicit IV
Implements RFC-1829
ESP DES-CBC : YES, partial
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : All combinations Supported
Other AH Implemented
Transforms : There aren't any more to be
implemented ;-)
Other ESP Implemented : 3DES, CAST, RC5, IDEA, Blowfish,
Transforms : YES
Transport mode : YES
Tunnel mode : YES
Key Management : ISAKMP+Oakley, Manual
Platforms : platform-independent
Lineage of IPsec Code : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt Code: TimeStep IPSec Developer's Toolkit
Key Mgmt Features : X.509 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
Raptor, CheckPoint, SSH, IBM, HP, IRE
------------------------
Name of Implementation : IPv6 for HP-UX 9.05
Version Described :
Organization : Swedish Institute of Computer Science (SICS)
Which IP versions are
supported : IPv6
Implements RFC-1828
AH MD5 : In Progress
Implements RFC-1829
ESP DES-CBC : In Progress
Implements AH HMAC MD5 : In Progress
Implements AH HMAC SHA-1: In Progress
Implements Combined ESP
(DES+MD5+Replay, etc) : NO
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : In Progress
Tunnel mode : In Progress
Key Management : Manual
Platforms : HP-UX
Lineage of IPsec Code : NRL
Lineage of Key Mgmt Code:
Key Mgmt Features :
Location of Source Code : proprietary
POINTS of Contact : peter@sics.se, lalle@sics.se
Claimed Interoperability:
------------------------
Name of Implementation : Firewall-1, Firewall-1 ANX Pilot
Version Described : 3.0 and the code for the ANX pilot (no version
number yet).
Organization : Check Point Software Technologies
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES (only in ANX pilot code)
Implements AH HMAC SHA-1: YES (only in ANX pilot code)
Implements Combined ESP
(DES+MD5+Replay, etc) : DES+MD5+replay (only in ANX pilot code)
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : YES (DES with 32 bit IV, RC4-40)
Transport mode : NO
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley (only in ANX pilot code),
SKIP, proprietary
Platforms : Solaris, SunOS 4, HPUX, AIX, NT.
Lineage of IPsec Code : Check Point
Lineage of Key Mgmt Code: Check Point
Key Mgmt Features : for ANX pilot code: Shared secret, Certs
for 3.0: proprietary certificate based key mgmt.
Location of Source Code : "proprietary"
POINTS of Contact : roy@checkpoint.com, joeh@us.checkpoint.com
Claimed Interoperability: Cisco, Radguard, TIS, Raptor, Entrust, IBM,
Sunscreen, Toshiba SKIP, Isolation, IRE, Cylan.
------------------------
Name of Implementation : CyLAN IPSEC and ISAKMP/Oakley Toolkit
Version Described : Version 3.0
Organization : CyLAN Technologies
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES.
Implements RFC-1852
AH SHA-1 : YES.
Implements RFC-1851
Triple DES : YES.
Implements RFC-1829
ESP DES-CBC : YES. Explicit and Implicit IV, With or without
Replay.
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : All combinations of DES/3DES, SHA-1/MD5
and Replay/No-Replay.
Other AH Implemented
Transforms : No
Other ESP Implemented
Transforms : 3DES with or without Replay.
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley
Platforms : Portable Source Code
Lineage of IPsec Code : CyLAN
Lineage of Key Mgmt Code: Cisco with CyLAN modifications.
Key Mgmt Features : Shared secret, RSA keys, DSS keys,
Quick Mode PFS, MODP groups 1 and 2.
Location of Source Code : "proprietary"
POINTS of Contact : Saroop Mathur Phone 408-541-0400,
Email:saroop@cylan.com
Claimed Interoperability: Cisco, Checkpoint, Raptor, Timestep,
Radguard, Microsoft, Intel, Redcreek,
Secure Computing, Frontier,
Rainbow Technologies, Hewlett-Packard,
Semaphore, Mentat, Ascend,
Datafellows, FTP Software
------------------------
Name of Implementation : OpenBSD
Version Described : 2.2
Organization : OpenBSD Project
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES (32/64 bit IVs)
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : YES, any combination of {DES,3DES} and
{MD5,SHA1}
Also does the new-style padding (proposed
during the ANX), and old-ESP simulation
Other AH Implemented
Transforms : Planned Tiger, RIPEMD-160
Other ESP Implemented
Transforms : Planned Tiger/RIPEMD-160
Blowfish/CAST128/RC5/RC4
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, Photuris
Platforms : OpenBSD, all platforms
Lineage of IPsec Code : OpenBSD, JI
Lineage of Key Mgmt Code: OpenBSD, AK (assuming that means me :-)
Key Mgmt Features : Implemented: Shared secret
Planned: PGP/SPKI certs
Location of Source Code : http://www.openbsd.org
POINTS of Contact : angelos@openbsd.org (DSL, University of
Pennsylvania), provos@openbsd.org,
deraadt@openbsd.org
Claimed Interoperability: too many to list here -- last two were
Mentat and SSH
------------------------
Name of Implementation : BorderWare Firewall Server
Version Described : 5.0
Organization : Secure Computing Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : Yes
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: NO
Implements Combined ESP
(DES+MD5+Replay, etc) : NO
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : DES-CBC, 3DES-CBC, RC4-40, RC4-128
Transport mode : YES
Tunnel mode : YES
Key Management : proprietary
Platforms : standalone firewall
Lineage of IPsec Code : NRL
Lineage of Key Mgmt Code: Secure Computing
Key Mgmt Features : RSA keys
Location of Source Code : proprietary
POINTS of Contact : chk@tor.securecomputing.com
Claimed Interoperability: FTP Software Secure Client
------------------------
Name of Implementation : (ANX Workshop implementation)
Version Described :
Organization : Secure Computing Corporation
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
rev.)
Implements Combined ESP
(DES+MD5+Replay, etc) : MD5+DES+Replay, SHA-1+DES+Replay, MD5+3DES+Replay,
SHA-1+3DES+Replay
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : RC4-40, RC4-128
Transport mode : YES
Tunnel mode : YES
Key Management : ISAKMP+Oakley
Platforms : proprietary OS based on BSDI 3.0
Lineage of IPsec Code : NRL
Lineage of Key Mgmt Code: Cisco
Key Mgmt Features : Shared secret, Certs
Location of Source Code : proprietary
POINTS of Contact : chk@tor.securecomputing.com
Claimed Interoperability: See ANX bakeoff (1997-09) results
------------------------
Name of Implementation : Mentat TCP
Version Described :
Organization : Mentat Inc.
Which IP versions are
supported : IPv4 currently, IPv6 in progress
Implements RFC-1828
AH MD5 : YES (conforms to latest AH drafts with explicit IV)
Implements RFC-1829
ESP DES-CBC : YES (conforms to latest ESP drafts with explicit IV)
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : All combinations, explicit IV
Other AH Implemented
Transforms : SHA-1
Other ESP Implemented
Transforms : 3DES
Transport mode : YES
Tunnel mode : YES
Key Management : Manual currently, ISAKMP+Oakley planned
Platforms : All STREAMS platforms
Lineage of IPsec Code : Mentat Inc.,
DES: Mentat Inc., KA9Q, Gillogly
MD5: Mentat Inc., RSA
SHA1: Mentat Inc., Gillogly
Lineage of Key Mgmt Code: N/A
Key Mgmt Features : N/A
Location of Source Code : proprietary (available for licensing)
POINTS of Contact : DC Palter dc@mentat.com tel: 310-208-2650x30
Claimed Interoperability: should interoperate with all compliant
implementations.
tested against AltaVista, Ascend, Cisco, Cylan,
DataFellows/SSH, FreeSWAN/BSD, Frontier, HP, IBM,
Isolation Systems, Red Creek, Secure Computing
------------------------
Name of Implementation : Eagle VPN
Version Described : Eagle 5.0
Organization : Raptor Systems Inc.
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES, AH_MD5 Explicit and AH_MD5 Implicit IV.
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP : ESP_DES_MD5, ESP_DES_SHA1,
ESP_3DES_MD5, ESP_3DES_SHA1
Other AH Implemented
Transforms : AH_SHA1
Other ESP Implemented : RC2, RC5 in the plans
Transforms : YES
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley
Platforms : NT, Solaris, HPUX
Lineage of IPsec Code : not applicable
Lineage of Key Mgmt Code: Entrust
Key Mgmt Features : Shared secret, Certs
Location of Source Code : "proprietary"
POINTS of Contact : rmallal@raptor.com, jkraemer@raptor.com
Claimed Interoperability: Cisco, TIS, Radguard, Checkpoint, Cylan, Entrust
------------------------
Name of Implementation : SSH IPSec
Version Described : 1.0
Organization : SSH Communications Security Oy
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES (no longer configurable)
Implements RFC-1829
ESP DES-CBC : YES, all options (no longer configurable)
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : HMAC-MD5-96: YES
HMAC-SHA-96: YES
ARCFOUR: In progress
DES: YES
Blowfish: YES
3DES: YES
All combinations of above.
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : YES/Partial
Tunnel mode : YES
Key Management : Manual
ISAKMP+Oakley
Platforms : *BSD, Solaris/STREAMS (planned), Mac/STREAMS
(partial), NT (partial)
Lineage of IPsec Code : SSH
Lineage of Key Mgmt Code: SSH
Key Mgmt Features : Shared secret, Certs, SPKI (planned)
Location of Source Code : not yet available.
POINTS of Contact : tmo@ssh.fi, mcr@ssh.fi
Claimed Interoperability: (see ANX results)
------------------------
Name of Implementation : Secure Access
Version Described :
Organization : Ascend Communications, Inc.
Which IP versions are
supported : IPv4
Implements RFC-1828
AH MD5 : YES
Implements RFC-1829
ESP DES-CBC : YES
Implements AH HMAC MD5 : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
(DES+MD5+Replay, etc) : YES, all combinations of {DES,3DES},
{no auth,MD5,SHA1}, and {Replay,No Replay}
Other AH Implemented
Transforms : NO
Other ESP Implemented
Transforms : NO
Transport mode : YES
Tunnel mode : YES
Key Management : Manual, ISAKMP+Oakley in progress
Platforms : Ascend routers
Lineage of IPsec Code : Ascend
Lineage of Key Mgmt Code: Ascend
Key Mgmt Features : Shared secret; Certs are planned
Location of Source Code : proprietary
POINTS of Contact : Doug LaBorde (general info)
Karl Fox (testing)
Claimed Interoperability: CyLAN, IBM, Secure Computing, Mentat,
Isolation Systems