SKIP Alpha-2 Source release
Tom Markson <markson@osmosys.incog.com> Fri, 09 February 1996 11:35 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa10350; 9 Feb 96 6:35 EST
Received: from CNRI.Reston.VA.US by IETF.CNRI.Reston.VA.US id aa10346; 9 Feb 96 6:35 EST
Received: from p-o.ans.net by CNRI.Reston.VA.US id aa05209; 9 Feb 96 6:35 EST
Received: by p-o.ans.net id AA04670 (5.65c/IDA-1.4.4 for ipsec-outgoing); Fri, 9 Feb 1996 11:17:52 GMT
Date: Fri, 09 Feb 1996 03:18:33 -0800
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Tom Markson <markson@osmosys.incog.com>
Message-Id: <9602091118.AA19134@monster.incog.com>
To: ipsec@ans.net
Subject: SKIP Alpha-2 Source release
X-Orig-Sender: ipsec-owner@ans.net
Precedence: bulk
Reply-To: ipsec@ans.net
Hi, We've just released the Alpha-2 SKIP reference source for SunOS 4.1.3. This is a bug fix release of our Alpha-1 Source reference Source. The source is available from http://skip.incog.com. Included in this mail message are excerpts from the README file for the the package. Enjoy! Tom Markson Sun Microsystems ------------------------------------------------------------------------- ALPHA 2 Release of SKIP Reference Source for SunOS 4.1.3 -------------------------------------------------------- Overview and Release Notes Overview -------- SKIP is a Key-management protocol for IP based protocols. It is an acronym for Simple Key-management for Internet Protocols. SKIP is documented in the SKIP IETF IPSEC draft included in this directory as draft-ietf-ipsec-skip-06.txt. The most recent SKIP draft is always available at http://skip.incog.com and the Internet-Drafts directories. >From this public domain source release, you can build a fully functional IP-layer encryption package which supports DES and Triple-DES for SunOS 4.1.3. This means that every IP networked application can have it's network traffic encrypted. Unlike application level encryption packages, this package encrypts IP packets. Thus, applications do not need to be recompiled or modified to take advantage of encryption. The SKIP source is possible through the efforts of engineers in Sun Microsystems Internet Commerce Group. The developers and designers are Ashar Aziz, Tom Markson, Martin Patterson, Hemma Prafullchandra and Joseph Reveane. Linda Cavanaugh worked on the documentation. The package compiles under both the SunPro compiler and GCC. We expect that this release should port without too much pain to any operating system which uses BSD style networking (mbufs). A legal warning: Because this package contains strong encryption, the Software must not be transferred to persons who are not US citizens or permanent residents of the US, or exported outside the US (except Canada) in any form (including by electronic transmission) without prior written approval from the US Government. Non-compliance with these restrictions constitutes a violation of the U.S. Export Control Laws. This source release may be used for both commercial and noncommercial purposes, subject to the restrictions described in the software and patent license statements. Furthermore, Sun Microsystems has licensed the Stanford public key patents from Cylink Corp. which are available to users of this package on a royalty free basis. The patent statement is in README.PATENT. Be sure to read this, as it contains some restrictions and other important information. Also included in this release is a high speed Big Number package written by Colin Plumb. bnlib/legal.c contains Colin's software license statement. Features -------- 1. SKIP V2 compliant implementation using ESP encapsulation. 2. Support for DES/3DES for traffic and key encryption. 3. Diffie-Hellman Public Key Agreement based system. 4. Full Support for manual establishment of master keys. 5. Support for multiple NSIDs and multiple local certificates. 6. GUI tool for user friendly manipulation of access control lists and key statistics. 7. Command line tools for manipulating access control lists, etc. 8. Implementation of the Certificate Discovery protocol fully integrated into SKIP. 9 Implementation of X.509 public key certificates. 10. Implementation of DSA signature algorithm for certificate signatures. 11. Implementation for MD2, MD5 and SHA message digest algorithms. 12. Implementation of ASN.1 DER encoding/decoding. 13. SunScreen(tm) SKIP compatibility mode. 14. Implementation of hashed public keys as defined in the SKIP draft. Implementation of programs to generate hashed public keys. 15. Certificate utilities to convert X.509 Certificates to hashed keys and print both X.509 and Hashed certificates. 16. High performance Big Number library for Diffie-Hellman calculations. 17. Implementation is effectively "public domain" and may be used both commercially and non-commercially. 18. Patent Agreement with Cylink allows roylaty-free use of the Diffie-Hellman and other Stanford patents with this package for commercial and non-commercial use. Read README.PATENT for some restrictions. 19. Inclusion of prime generation program used to generate the primes in SKIP draft. Release Notes ------------- Here are the release notes for this Alpha 2 release of the SKIP source. 1. This release is a bug fix release for Alpha-1. Major areas of change include: o Fix ESP and AH protocol numbers. o Fix Unsigned DH Public encoding. o Remove truncatation of shared secret (for this release only). o Various other Bug fixes. o Fix Triple DES. 2. This release does not interoperate with Alpha-1. Alpha-1 sites should upgrade. Alpha-1 had a bug where unsigned public keys were being encoded incorrectly. Therefore, unsigned DH keys generated with alpha-1 do not work with Alpha-2. Regenerate your unsigned public keys. X509 Certificates from alpha-1 will continue to work. 3. This release interoperates with Swiss ETH SKIP using unsigned DH keys and DES and triple DES. It was tested at the Dallas 1995 IETF. However, the certificate discovery protocol does not interoperate. This will be fixed in the next release. 4. This release does not fully comply with the SKIP drafts. It is closest to the 05 version of the draft. However, the shared secret is not truncated according to that draft. This change is made to interoperate with the ETH implementation. The next release will correspond to the 06 draft. ....
- SKIP Alpha-2 Source release Tom Markson