Date: Mon, 03 Jun 1996 08:41:37 -0700
From: Jim Binkley <jrb@cs.pdx.edu>
To: freebsd-security@freebsd.org
Subject: anyone working with IPSEC stack?
Message-ID: <199606031541.IAA04957@sirius.cs.pdx.edu>
In-Reply-To: Your message of "Mon, 03 Jun 1996 16:35:08 +0200." <199606031435.QAA06701@sea.campus.luth.se>

Has anyone taken the Naval Research Labs code for
their ip security stack ("security at the network layer",
but in fact it's more complicated than that) and ported/munged
it into freebsd? Seems I'm about to do that this summer.

The following is an overly simplistic explanation of what
the NRL stack code does:

1. implements RFCs 1825 ... ; i.e., provides
   an AH (authentication header) and ESP (I can never
   remember what ESP stands for, but basically
   encryption/privacy) between provided ip
   src and dest

   1.1 ah and esp are done for both ipv4 and ipv6.
       I'm not interested in ipv6 (at the moment), but there
       is an ipv6 implementation in the code. ah and esp
       are requirements for ipv6.

2. gives the kernel a new socket mechanism called
   a key socket so that keys can be associated with

3. includes a tunneling mechanism

The particular crypto algorithms found in the stack are
AH = keyed md5, and ESP = des-cbc. We will have to upgrade
both of the AH and ESP "transforms" (algorithms basically)
to SHA and a combined authentication/des algorithm.

Whilst I am asking: has anyone done any work with pc cards
that support crypto algorithms, e.g., a des card, say?

regards,
Jim Binkley
jrb@cs.pdx.edu
