Date: Mon, 03 Jun 1996 08:41:37 -0700
From: Jim Binkley <jrb@cs.pdx.edu>
To: freebsd-security@freebsd.org
Subject: anyone working with IPSEC stack?
Message-ID: <199606031541.IAA04957@sirius.cs.pdx.edu>
In-Reply-To: Your message of "Mon, 03 Jun 1996 16:35:08 +0200." <199606031435.QAA06701@sea.campus.luth.se>

Has anyone taken the Naval Research Labs code for their ip security stack ("security at the network layer", but in fact it's more complicated than that) and ported/munged it into freebsd? Seems I'm about to do that this summer.

The following is an overly simplistic explanation of what the NRL stack code does:

1. implements RFCs 1825 ... ;i.e., provides an AH (authentication header) and ESP (I can never remember what ESP stands for, but basically encryption/privacy) between provided ip src and dest
   1.1 ah and esp are done for both ipv4 and ipv6, I'm not interested in ipv6 (at the moment, but there is an ipv6 implementation in the code. ah and esp are requirements for ipv6).
2. gives the kernel a new socket mechanism called a key socket so that keys can be associated with
3. includes a tunneling mechanism

The particular crypto algorithms found in the stack are AH = keyed md5, and ESP=des-cbc. We will have to upgrade both of the AH and ESP "transforms" (algorithms basically) to SHA and a combined authentication/des algorithm.

Whilst I am asking. Has anyone done any work with pc cards that support crypto algorithms, e.g., a des card say?

regards,
Jim Binkley
jrb@cs.pdx.edu