Re: IPsec hardware accelerators (Rainbow warning)
"PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com> Thu, 13 February 1997 16:47 UTC
Received: from cnri by ietf.org id aa27265; 13 Feb 97 11:47 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa21057; 13 Feb 97 11:47 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA06187 for ipsec-outgoing; Thu, 13 Feb 1997 11:35:30 -0500 (EST)
Message-Id: <199702131634.IAA15027@mailsun3-fddi.us.oracle.com>
Date: Thu, 13 Feb 1997 00:20:56 -0800
From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
To: ipsec@tis.com
Subject: Re: IPsec hardware accelerators (Rainbow warning)
Cc: gnu@toad.com
MIME-Version: 1.0
X-Mailer: Oracle InterOffice (version 4.0.4.0.25)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="US-ASCII"
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
An old message (Jan.) that seems to have been stuck in one of my out boxes ... Paul ------------------ John, please be fair about "compatibility": >The Clipper Chip and its follow-on >products are not compatible with the IPSEC protocols, >because they use an undocumented encryption algorithm >and because they are designed to >undermine rather than provide secure operation. Undocumented cryptographic algorithms are very compatible with IPSEC. Cryptographic flexibility is one of the main design features of this set of protocols. It is true that our IPSEC set of mandatory to implement algorithms will never contain a undocumented encryption algorithm. There is no reason that the "encapsulating" protocol (ESP) could not use anyones favorite algorithm (documented or not). The ISAKMP negotiation should allow selection of a common algorithm between two IPSEC systems. It just so happens that the "favorite" algorithms of the US Government are available in the Fortezza card. I also believe that cryptographic algorithms are "stronger" when they are not published. So, Fortezza is compatible with IPsec, it just is not the recommended IETF set of algorithms :-) Paul ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Paul Lambert Director of Security Products Oracle Corporation Phone: (415) 506-0370 500 Oracle Parkway, Box 659410 Fax: (415) 633-2963 Redwood Shores, CA 94065 E-Mail: palamber@us.oracle.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Secure Jobs" -> send resumes to: palamber@us.oracle.com Security Architect - Hands on lead with strong design skills Sr. Development Manager - 6+ experience with 3+ leading teams Security Product Manager(s) - Excellent verbal and written skills with background in security. Senior SW Dev. - 6+ experience in SW development SW Developer(s) - Strong coding skills and abilities or interest in: (C++, Java, CORBA, security, X.500, etc.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Re: IPsec hardware accelerators (Rainbow warning) Jeremey Barrett
- RE: IPsec hardware accelerators (Rainbow warning) Roy Pereira
- RE: IPsec hardware accelerators (Rainbow warning) Bob Monsour
- Re: IPsec hardware accelerators (Rainbow warning) PALAMBER.US.ORACLE.COM