
[ANNOUNCE] New NRL IPsec Software Release

>Path: news.sigmasoft.com!news.tetherless.net!news.zeitgeist.net!bdt.com!miwok!hsno.wco.com!waldorf.csc.calpoly.edu!decwrl!usenet.cisco.com!rja
>From: Ran Atkinson <rja_(_at_)_inet_(_dot_)_org>
>Newsgroups: comp.security.unix,comp.security.misc
>Subject: [ANNOUNCE] New NRL IPsec Software Release
>Followup-To: poster
>Date: 2 Aug 1996 04:52:24 GMT
>Organization: The Internet
>Lines: 142
>Distribution: world
>Message-ID: <4ts1i8$n26_(_at_)_cronkite_(_dot_)_cisco_(_dot_)_com>
>NNTP-Posting-Host: puli.cisco.com
>Summary: July 1996 NRL software release available soon.
>Keywords: NRL, IPsec, PF_KEY, IPv6, security, encryption
>Originator: rja_(_at_)_cisco_(_dot_)_com
>Xref: news.sigmasoft.com comp.security.unix:6233 comp.security.misc:6190

The July 1996 NRL IPv6+IPsec Software Release for BSD is available now or very
soon from the following URLs.  Older NRL releases also remain available at
most of these sites so be careful which version you are downloading:

	US:	http://web.mit.edu/network/isakmp/
	US:	http://www.cisco.com/public/library/isakmp/ipsec.html
	Europe: ftp://ftp.ripe.net/ipv6/nrl/

The NRL software provides the following features:
	IP Security (IPsec) for IPv4 per the IETF standards
	IP Security (IPsec) for IPv6 per the IETF standards
	PF_KEY key management API and the related Key Engine

The NRL software will drop in painlessly to the following OSs:
	NetBSD current
	BSDI 2.1
	4.4-Lite BSD
	4.4 BSD encumbered

Other OSs using 4.4-Lite BSD networking code should be able to incorporate
this NRL software without much difficulty.  The software is freely
distributable for any purpose provided NRL is given due credit (see
the LICENSE in the distribution for details) as per usual BSD-style

The NRL software has been tested on the following hardware and is 
believed to work on all hardware supported by the above OSs:
	Sun 4c SPARCstations
	Intel i486 PCs
	Intel i586/Pentium PCs

For key management with the NRL software, one can use the freely distributable
ISAKMP+Oakley key management daemon for PF_KEY that has been developed by
cisco Systems.  This key management software is available from the MIT and
cisco web sites listed above.  With PF_KEY, one can also write one's own
key management daemon if one wishes to.

An abridged version of the NRL README file follows.

NRL IPv6/IPsec Software Distribution
Alpha Release 3        Release Notes                                July, 1996
====================================                                ==========


	The NRL IPv6/IPsec Software Distribution is a reference implementation
of IPv6 and IP Security for the 4.4BSD-Lite networking software. It is freely
distributable (subject to U.S. export controls) and usable for commercial and
non-commercial purposes as long as the NRL and UC Berkeley license terms are
adhered to.

	We have tested this software on SPARC systems using the UC Berkeley
4.4 BSD UNIX operating system with 4.4-Lite updates. We have also tested this
software on x86 systems running NetBSD 1.2, SPARC systems running NetBSD 1.2,
and x86 systems using BSDI 2.1. We believe that our code should be easily
portable to reasonable 4.4BSD derived systems (BSDI, NetBSD, OpenBSD, and
Lites). We believe that it would be difficult, though not impossible, to port
our code to other systems.

	This implementation includes kernel networking software, a small
IPv6 support library, and several applications (e.g. telnet, telnetd, ping,
tftp, tftpd, socktest, netstat, ifconfig, ping, route, tcpdump) modified to
support IPv6/IPsec. This implementation also includes the NRL Key Engine
(aka PF_KEY) and applications to interface with it. There are manual pages
for the modified and new software, but they might not yet be as detailed as
one might like.

	This "alpha-quality" release of the IPv6 software is intended to be
used by kernel hackers and implementers who want to get early access and
experience with IPv6 and IPsec. Use at your own risk. It is complete enough to
use for experimenting but it is not entirely complete. In some areas this is
because the IPv6 specifications are not yet stable.

What's New

	Alpha 3 (July, 1996)

	* Bug fixes

	* Lots of code cleanups. The code now compiles with almost
	  no warnings.

	* Sysctl adjustment of debugging verbosity levels. Look for
	  new variables named debug.inet6 and debug.key.

	* The 4.4BSD-Lite2 changes to the netinet code.

	* Eric Young's DES code has been replaced with Phil Karn's
          DES code. Phil's code is better and his licensing terms are
	  more reasonable.

	* HMAC-MD5, SHA, and HMAC-SHA AH transforms contributed by
	  Larry Bassham and NIST.

	* key(8) now uses hexadecimal SPIs instead of decimal. N.B.

	* The latest versions of tcpdump and telnet.

	* A port to NetBSD 1.2.

	* A port to BSDI 2.1.

	* A Linux port of the Key Engine and key(8) to Linux 2.0.

	* Minor mods to keep the code in sync with the current specs.

	Alpha 2 (January, 1996)

	* Bug fixes

	* Better multihomed support

	* Improvements to IPsec, and a step toward separating the IPsec/v6
	  dependency in this implementation.

	* Forwarding engine, and a crude router advertisement program.

	* Router advertisement handling.

	* Better route handlers, including default routes, network routes, and
	  cloning for easy Path MTU discovery.

	* Path MTU discovery.

	* Stateless address configuration, though with permanent lifetimes.

	* Up-to-date neighbor discovery.

	* Multicast option support (though no ICMP/IGMP messages yet)

	Alpha 1 (September, 1995)

	* Initial release