Survey Responses as of 17 October 1997 (Rev 4)

------------------------

Name of Implementation  : "hydrangea" WIDE project IPv6/IPsec package
Version Described       : as of oct97
Organization            : WIDE project
Which IP versions are
 supported              : IPv4 and IPv6
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1829
 ESP DES-CBC            : YES
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : YES/DES explicit+MD5+Replay, DES implicit+MD5+Replay
Other AH Implemented
 Transforms             : Planned
Other ESP Implemented
 Transforms             : In Progress/blowfish, cast128
Transport mode          : YES
Tunnel mode             : Planned
Key Management          : YES/Manual, Planned/ISAKMP+Oakley, Photuris
Platforms               : FreeBSD 2.2.2-RELEASE(4.4-Lite BSD)
                          BSDI BSD/OS 3.0(4.4-Lite BSD)
                          Planned/NetBSD
Lineage of IPsec Code   : WIDE project
Lineage of Key Mgmt Code: NRL -> FreeBSD 2.2 -> massive fixes
Key Mgmt Features       : -
Location of Source Code : currently in beta test, public release starts soon
                          ftp://ftp.aist-nara.ac.jp/pub/IPv6/hydrangea
                          ftp://ftp.itojun.org/pub/ipv6/
POINTS of Contact       : itojun@itojun.org, kazu@is.aist-nara.ac.jp
Claimed Interoperability: Most of Japanese implementations:
			  Hitachi, Toshiba, Yamaha, Yokogawa, IIJ, etc.

------------------------

Name of Implementation  : Novell BoarderManager 
Version Described       : version 1.5 and up
Organization            : Novell, Inc.
Which IP versions are
 supported              : IPv4, IPv6 (future)
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1852
 AH SHA (Keyed)  : YES
Implements RFC-1829
 ESP DES-CBC            : YES (with explicit IV)
Implements RFC-1851
 (3DES-CBC)  : YES (with explicit IV)
Implements AH HMAC MD5  : YES (RFC-2085 with optional 32 bits replay
counter)
Implements AH HMAC SHA-1: YES (draft-ietf-ipsec-ah-hmac-sha-01.txt with
                          optional 32 bits replay counter)
Implements Combined ESP
 (DES+MD5+Replay, etc)  : YES (MD5+DES+Replay, 
                          draft-ietf-ipsec-esp-des-md5-03.txt)
Other AH Implemented
 Transforms             : new AH (in progress)
Other ESP Implemented
 Transforms             : RC2-CBC, RC5-CBC
                        : new ESP (in progress)
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual, ISAKMP+Oakley, SKIP
Platforms               : NetWare/IntranetWare
Lineage of IPsec Code   : Referenced NRL
Lineage of Key Mgmt Code: Referenced Cisco
Key Mgmt Features       : Shared secret, Certificates: DNSSEC, X.509(in progress)
Location of Source Code : Proprietary
POINTS of Contact       : cj_lee@novell.com, benny_so@novell.com
Claimed Interoperability: Testing in progress

------------------------

Name of Implementation  : e-Lock VPN (Proposed name)
Version Described       : 0.2
Organization            : Frontier Technologies Corp.
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES, Transport mode, Tunnel mode in progress,
                          Explicit IV supported
Implements RFC-1829
 ESP DES-CBC            : YES, Tunnel mode, Transport mode partial in progress
Implements AH HMAC MD5  : YES, Transport mode, augmented RFC1828, 2085
Implements AH HMAC SHA-1: YES, Not tested yet
Implements Combined ESP
 (DES+MD5+Replay, etc)  : Partial, Replay+DES, MD5+DES+Replay,
                          SHA-1+DES+Replay in progress
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : YES, Proprietary
Transport mode          : NO
Tunnel mode             : NO
Key Management          : Manual, ISAKMP+Oakley in Progress
Platforms               : Windows NT 4.0, Win95 in progress, Win98 in progress,
                          Win NT 3.51 in progress
Lineage of IPsec Code   : Own Design, used many different reference models 
Lineage of Key Mgmt Code: Cisco
Key Mgmt Features       : 
Location of Source Code : proprietary
POINTS of Contact       : John@FrontierTech.com, 414-241-4555x215, Management
                          LawrenceT@FrontierTech.com, 414-241-4555, Project Lead
                          GlenJ@FrontierTech.com, 414-241-4555 x272, QA
                          Yes we are interested in doing over-the-Internet Testing
Claimed Interoperability: Tested at ANX in September 1997
                          (ESP-DES w/o auth, AH HMAC-MD5)
                          IBM, Cisco, TIS, HP, RedCreek,
                          Isolation Systems, CyLAN, Mentat, Secure Computing

------------------------


Name of Implementation  : Secure VPN/ NetBuilder
Version Described       : N/A
Organization            : 3 COM, Enterprise WAN division
Which IP versions are
 supported              : IPv4  
Implements RFC-1828
 AH MD5                 : In progress 
Implements RFC-1829
 ESP DES-CBC            : Yes
Implements AH HMAC MD5  : In progress 
Implements AH HMAC SHA-1: In progress
Implements Combined ESP
 (DES+MD5+Replay, etc)  : In progress
Other AH Implemented
 Transforms             : 
Other ESP Implemented
 Transforms             : 
Transport mode          : Yes
Tunnel mode             : Planned
Key Management          : Manual.  ISAKMP/Oakley in progress.
Platforms               : NetBuilder
Lineage of IPsec Code   : 3COM
Lineage of Key Mgmt Code: 3COM
Key Mgmt Features       : Shared secret & Certs
Location of Source Code : Proprietary.
POINTS of Contact       : James Lin (phone 408-764-6423, fax 408-764-5002,
                          james_lin@3com.com)
Claimed Interoperability: In progress

------------------------

Name of Implementation  : PERMIT/Gate
Version Described       :  
Organization            : TimeStep Corporation
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : NO, partial
Implements RFC-1829
 ESP DES-CBC            : NO, partial - explicit IV
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : All combinations Supported
Other AH Implemented
 Transforms             : There aren't any more to be
                          implemented ;-)
Other ESP Implemented   : 3DES, CAST, RC5, IDEA, Blowfish,
 Transforms             : YES
 Transport mode         : YES
 Tunnel mode            : YES
Key Management          : ISAKMP+Oakley, Manual
Platforms               : Embeded
Lineage of IPsec Code   : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt
Code                    : TimeStep IPSec Developer's Toolkit
Key Mgmt Features       : X.509 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact       : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
                          Raptor, CheckPoint, SSH, IBM, HP, IRE

------------------------

Name of Implementation  : PERMIT/Client
Version Described       : 1.0
Organization            : TimeStep Corporation
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : NO, partial
Implements RFC-1829
 ESP DES-CBC            : NO, partial - explicit IV
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : All combinations Supported
Other AH Implemented
 Transforms             : There aren't any more to be
                          implemented ;-)
Other ESP Implemented   : 3DES, CAST, RC5, IDEA, Blowfish,
 Transforms             : YES
 Transport mode         : YES
 Tunnel mode            : YES
Key Management          : ISAKMP+Oakley, Manual,
Platforms               : Windows NT 4.0, Windows 95, Macintosh
Lineage of IPsec Code   : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt Code: TimeStep IPSec Developer's Toolkit
Key Mgmt Features       : X.509 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact       : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
                          Raptor, CheckPoint, SSH, IBM, HP, IRE

------------------------

Name of Implementation  : TimeStep IPSec Developer's Toolkit
Version Described       : 1.0
Organization            : TimeStep Corporation
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES - explicit IV
Implements RFC-1829
 ESP DES-CBC            : YES, partial
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : All combinations Supported
Other AH Implemented
 Transforms             : There aren't any more to be
                          implemented ;-)
Other ESP Implemented   : 3DES, CAST, RC5, IDEA, Blowfish,
 Transforms             : YES
 Transport mode         : YES
 Tunnel mode            : YES
Key Management          : ISAKMP+Oakley, Manual,
Platforms               : platform - independent
Lineage of IPsec Code   : TimeStep IPSec Developer's Toolkit
Lineage of Key Mgmt Code: TimeStep IPSec Developer's Toolkit
Key Mgmt Features       : X5.09 Certs, Shared secret
Location of Source Code : proprietary, licensable
POINTS of Contact       : Roy Pereira <rpereira@timestep.com>
Claimed Interoperability: Cisco, Microsoft, RadGuard, TIS, Entrust,
                          Raptor, CheckPoint, SSH, IBM, HP, IRE

------------------------

Name of Implementation  : IPv6 for HP-UX 9.05
Version Described       : 
Organization            : Swedish Institute of Computer Science (SICS)
Which IP versions are
 supported              : IPv6
Implements RFC-1828
 AH MD5                 : In Progress
Implements RFC-1829
 ESP DES-CBC            : In Progress
Implements AH HMAC MD5  : In Progress
Implements AH HMAC SHA-1: In Progress
Implements Combined ESP
 (DES+MD5+Replay, etc)  : NO

Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : NO
Transport mode          : In Progress
Tunnel mode             : In Progress
Key Management          : Manual
Platforms               : HP-UX
Lineage of IPsec Code   : NRL
Lineage of Key Mgmt Code: 
Key Mgmt Features       : 
Location of Source Code : proprietary
POINTS of Contact       : peter@sics.se, lalle@sics.se
Claimed Interoperability: 

------------------------


Name of Implementation  : Firewall-1, Firewall-1 ANX Pilot
Version Described       : 3.0 and the code for the ANX pilot (no version
                          number yet).
Organization            : Check Point Software Technologies
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1829
 ESP DES-CBC            : YES
Implements AH HMAC MD5  : YES (only in ANX pilot code)
Implements AH HMAC SHA-1: YES (only in ANX pilot code)
Implements Combined ESP
 (DES+MD5+Replay, etc)  : DES+MD5+replay (only in ANX pilot code)
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : YES (DES with 32 bit IV, RC4-40)
Transport mode          : NO
Tunnel mode             : YES
Key Management          : Manual, ISAKMP+Oakley (only in ANX pilot code),
                          SKIP, proprietary
Platforms               : Solaris, SunOS 4, HPUX, AIX, NT.
Lineage of IPsec Code   : Check Point
Lineage of Key Mgmt Code: Check Point
Key Mgmt Features       : for ANX pilot code: Shared secret, Certs 
                          for 3.0: proprietary certificate based key mgmt.
Location of Source Code : "proprietary" 
POINTS of Contact       : roy@checkpoint.com, joeh@us.checkpoint.com
Claimed Interoperability: Cisco, Radguard, TIS, Raptor, Entrust, IBM,
                          Sunscreen, Toshiba SKIP, Isolation, IRE, Cylan.

------------------------


Name of Implementation  : CyLAN IPSEC and ISAKMP/Oakley Toolkit
Version Described       : Version 3.0
Organization            : CyLAN Technologies
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES.
Implements RFC-1852
 AH SHA-1               : YES.
Implements RFC-1851
 Tiple DES              : YES.
Implements RFC-1829
 ESP DES-CBC            : YES. Explicit and Implicit IV, With or without
Replay.
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : All combinations of DES/3DES, SHA-1/MD5
                          and Replay/No-Replay.
Other AH Implemented
 Transforms             : No
Other ESP Implemented
 Transforms             : 3DES with or without Replay.
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual, ISAKMP+Oakley
Platforms               : Portable Source Code
Lineage of IPsec Code   : CyLAN
Lineage of Key Mgmt Code: Cisco with CyLAN modifications.
Key Mgmt Features       : Shared secret, RSA keys, DSS keys,
                          Quick Mode PFS, MODP groups 1 and 2.
Location of Source Code : "proprietary"
POINTS of Contact       : Saroop Mathur   Phone 408-541-0400,
                          Email:saroop@cylan.com
Claimed Interoperability: Cisco, Checkpoint, Raptor, Timestep,
                          Radguard, Microsoft, Intel, Redcreek,
                          Secure Computing, Frontier,
                          Rainbow Technologies, Hewlett-Packard
                          Semaphore, Mentat, Ascend,
                          Datafellows, FTP Software

------------------------


Name of Implementation  : OpenBSD
Version Described       : 2.2
Organization            : OpenBSD Project
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1829
 ESP DES-CBC            : YES (32/64 bit IVs)
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : YES, any combination of {DES,3DES} and
                          {MD5,SHA1}
                          Also does the new-style padding (proposed
                          during the ANX), and old-ESP simulation
Other AH Implemented
 Transforms             : Planned Tiger, RIPEMD-160
Other ESP Implemented
 Transforms             : Planned Tiger/RIPEMD-160
                          Blowfish/CAST128/RC5/RC4 
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual, Photuris
Platforms               : OpenBSD, all platforms
Lineage of IPsec Code   : OpenBSD, JI
Lineage of Key Mgmt Code: OpenBSD, AK (assuming that means me :-)
Key Mgmt Features       : Implemented: Shared secret
                          Planned: PGP/SPKI certs
Location of Source Code : http://www.openbsd.org
POINTS of Contact       : angelos@openbsd.org (DSL, University of
                          Pennsylvania), provos@openbsd.org,
                          deraadt@openbsd.org
Claimed Interoperability: too many to list here -- last two were
                          Mentat and SSH

------------------------


Name of Implementation  : BorderWare Firewall Server
Version Described       : 5.0
Organization            : Secure Computing Corporation
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : Yes
Implements RFC-1829
 ESP DES-CBC            : YES
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: NO
Implements Combined ESP
 (DES+MD5+Replay, etc)  : NO
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : DES-CBC, 3DES-CBC, RC4-40, RC4-128
Transport mode          : YES
Tunnel mode             : YES
Key Management          : proprietary
Platforms               : standalone firewall
Lineage of IPsec Code   : NRL
Lineage of Key Mgmt Code: Secure Computing
Key Mgmt Features       : RSA keys
Location of Source Code : proprietary
POINTS of Contact       : chk@tor.securecomputing.com
Claimed Interoperability: FTP Software Secure Client

------------------------


Name of Implementation  : (ANX Workshop implementation)
Version Described       : 
Organization            : Secure Computing Corporation
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1829
 ESP DES-CBC            : YES
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
rev.)
Implements Combined ESP
 (DES+MD5+Replay, etc)  : MD5+DES+Replay, SHA-1+DES+Replay, MD5+3DES+Replay,
                          SHA-1+3DES+Replay
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : RC4-40, RC4-128
Transport mode          : YES
Tunnel mode             : YES
Key Management          : ISAKMP+Oakley
Platforms               : proprietary OS based on BSDI 3.0
Lineage of IPsec Code   : NRL
Lineage of Key Mgmt Code: cisco
Key Mgmt Features       : Shared secret, Certs
Location of Source Code : proprietary
POINTS of Contact       : chk@tor.securecomputing.com
Claimed Interoperability: See ANX bakeoff (1997-09) results

------------------------


Name of Implementation  : Mentat TCP
Version Described       :
Organization            : Mentat Inc.
Which IP versions are
 supported              : IPv4 currently, IPv6 in progress
Implements RFC-1828
 AH MD5                 : YES (conforms to latest AH drafts with explicit IV)
Implements RFC-1829
 ESP DES-CBC            : YES (conforms to latest ESP drafts with explicit IV)
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : All combinations, explicit IV
Other AH Implemented
 Transforms             : SHA-1
Other ESP Implemented
 Transforms             : 3DES
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual currently, ISAKMP+Oakley planned
Platforms               : All STREAMS platforms
Lineage of IPsec Code   : Mentat Inc.,
                                DES:  Mentat Inc., KA9Q, Gillogly
                                MD5:  Mentat Inc., RSA
                                SHA1: Mentat Inc., Gillogly
Lineage of Key Mgmt Code: N/A
Key Mgmt Features       : N/A
Location of Source Code : proprietary (available for licensing)
POINTS of Contact       : DC Palter dc@mentat.com  tel: 310-208-2650x30
Claimed Interoperability: should interoperate with all compliant
                          implementations.
                          tested against AltaVista, Ascend, Cisco, Cylan,
                          DataFellows/SSH, FreeSWAN/BSD, Frontier, HP, IBM,
                          Isolation Systems,  Red Creek, Secure Computing

------------------------


Name of Implementation  : Eagle VPN 
Version Described       : Eagle 5.0
Organization         	  : Raptor Systems Inc.
Which IP versions are
supported               : IPv4
Implements RFC-1828
AH MD5                  : YES, AH_MD5 Explicit and AH_MD 5 Implicit IV.
Implements RFC-1829
ESP DES-CBC             : YES
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP : ESP_DES_MD5, ESP_DES_SHA1,
                          ESP_3DES_MD5, ESP_3DES_SHA1
Other AH Implemented
Transforms              : AH_SHA1
Other ESP Implemented   : RC2, RC5 in the plans
Transforms              : YES
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual, ISAKMP+Oakley
Platforms               : NT, Solaris, HPUX
Lineage of IPsec Code   : not applicable
Lineage of Key Mgmt Code: Entrust
Key Mgmt Features       : Shared secret, Certs
Location of Source Code : "proprietary" 
POINTS of Contact       : rmallal@raptor.com, jkraemer@raptor.com
Claimed Interoperability: Cisco, TIS, Radguard, Checkpoint, Cylan, Entrust

------------------------


Name of Implementation  : SSH IPSec
Version Described       : 1.0
Organization            : SSH Communications Security Oy
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES (no longer configurable)
Implements RFC-1829
 ESP DES-CBC            : YES, all options (no longer configurable)
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : HMAC-MD5-96: YES
                          HMAC-SHA-96: YES
                          ARCFOUR: In progress
                          DES: YES
                          Blowfish: YES
                          3DES: YES
                          All combinations of above.
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : NO
Transport mode          : YES/Partial
Tunnel mode             : YES
Key Management          : Manual
                          ISAKMP+Oakley
Platforms               : *BSD, Solaris/STREAMS (planned), Mac/STREAMS
                          (partial), NT (partial)
Lineage of IPsec Code   : SSH
Lineage of Key Mgmt Code: SSH
Key Mgmt Features       : Shared secret, Certs, SPKI (planned)
Location of Source Code : not yet available.
POINTS of Contact       : tmo@ssh.fi, mcr@ssh.fi
Claimed Interoperability: (see ANX results)

------------------------


Name of Implementation  : Secure Access
Version Described       : 
Organization            : Ascend Communications, Inc.
Which IP versions are
 supported              : IPv4
Implements RFC-1828
 AH MD5                 : YES
Implements RFC-1829
 ESP DES-CBC            : YES
Implements AH HMAC MD5  : YES
Implements AH HMAC SHA-1: YES
Implements Combined ESP
 (DES+MD5+Replay, etc)  : YES, all combinations of {DES,3DES},
                          {no auth,MD5,SHA1}, and {Replay,No Replay}
Other AH Implemented
 Transforms             : NO
Other ESP Implemented
 Transforms             : NO
Transport mode          : YES
Tunnel mode             : YES
Key Management          : Manual, ISAKMP+Oakley in progress
Platforms               : Ascend routers
Lineage of IPsec Code   : Ascend
Lineage of Key Mgmt Code: Ascend
Key Mgmt Features       : Shared secret; Certs are planned
Location of Source Code : proprietary
POINTS of Contact       : Doug LaBorde  (general info)
                          Karl Fox  (testing)
Claimed Interoperability: CyLAN, IBM, Secure Computing, Mentat,
                          Isolation Systems