IPsec Interoperability Week #1
Robert Moskowitz <rgm3@chrysler.com> Thu, 21 November 1996 21:43 UTC
Received: from cnri by ietf.org id aa00761; 21 Nov 96 16:43 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa21456; 21 Nov 96 16:43 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id QAA07348 for ipsec-outgoing; Thu, 21 Nov 1996 16:35:14 -0500 (EST)
Message-Id: <3.0b36.32.19961121163033.0093be20@pop3hub.is.chrysler.com>
Reply-To: rgm3@chrysler.com
X-Sender: rgm3@pop3hub.is.chrysler.com
X-Mailer: Windows Eudora Pro Version 3.0b36 (32)
Date: Thu, 21 Nov 1996 16:35:41 -0500
To: ipsec@tis.com
From: Robert Moskowitz <rgm3@chrysler.com>
Subject: IPsec Interoperability Week #1
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-MIME-Autoconverted: from quoted-printable to 8bit by portal.ex.tis.com id QAA07345
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by portal.ex.tis.com id QAB07348
The following is a proposal from the AIAG to all IPSec implementors. We are very serious about getting product. To the extent that we will supply resources to get interoperablity. Below is the general plan for an interoperability week. Please discuss it here, amongst yourselves and with us. We are open to fleshing out (ie nailing down) what ever details are appropriate. Of course, I will be at IETF to take what ever blooding deemed appropriate, just remember that I have to leave on friday ;) IPsec Interoperability Week #1 TO: All implementers of the Ipsec protocols From: The Automotive Industry Action Group ANX Security work group What: 1st working session for IPsec interoperability Where: MCIs Richardson Texas test facilities When: January 6th - 10th, 1997 Participation Contact: fbowdon@mcimail.com (810 351-5124), cwinter@mcimail.com (810 351-5257) RSVP by: Dec 10th, 1997 Document Questions/Issues: rgm3@chrysler.com by Dec 6th, 1996 GOALS: Determine the current state of deployablity of IPsec components for the Auto industry. At this time, demonstration of Key management via Oakley/ISAKMP is very important to the ANX work group. The intention is to create as close to a real world inter-company environment for vendor testing. Multiple scenario testing will be desired. Work on the basis that firewalls, split DNS, and private addressing is common. Subsets of these situations will be documented. Participants minimally need to have product that uses RFCs 1825-9, Oakley aggressive or main mode with authentication with pre-shared keys Border-to-border via tunneling Consider access to trade zones or entire company network. Remote-to-border Remote-to-interior Interior-to-foreign border Through local border Interior-to-interior Technology to demonstrate interoperability: Basic IPsec protocols, emphasis on ESP-HMAC (add draft name here) Keying material for IPsec setup with Key Management exchange via Oakley/ISAKMP (Choice of ANX wg) (all three drafts) Proxy modes Please provide Oakley modes demonstrable at this time. Public key format of X.509v3 Keys can be cached X.509 key retrieval via LDAP CA will be provided for testing Subsets of these will be documented by product. A more compete testing matrix and success criteria will be developed between now and Dec 8th. Policy issues will be sorted out as well is operational: Unintended routing through multiple tunnels Access control granularity Oakley and ESP options as X.509 extensions Des vs 3Des, Compression supported, others The test facility will be connected to the Internet, so vendors unable to attend are encouraged to contact the MCI coordination team (TBN) to work out arrangements for remote participation. Follow up testing will be planned for 2Q97. Robert Moskowitz Chrysler Corporation (810) 758-8212
- IPsec Interoperability Week #1 Robert Moskowitz