Re: [IPsec] Other documents to upgrade to internet standard

Tue, 12 Nov 2013 03:02:31 -0800 

Hi,

speaking for the strongSwan Project I report that we
support and frequently use the following algorithms:

- RFC 5903: ECP Groups for IKE and IKEv2

- RFC 4754: IKE and IKEv2 Authentication Using the Elliptic
            Curve Digital Signature Algorithm (ECDSA)

- RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec ESP

ECP, ECDSA and AES-GCM interoperability has been successfully
tested multiple times with Microsoft's Vista/Windows 7 IKEv1
Advanced Firewall implementation.

Additionally starting with strongSwan 5.1.1, we support

- RFC 6932: Brainpool Elliptic Curves for the IKE
            Group Description Registry

as an alternative for the NIST curves.

Best regards

Andreas

On 11/07/2013 04:29 PM, Yoav Nir wrote:
> 
> On Nov 7, 2013, at 6:46 AM, <[email protected]> wrote:
> 
>> 
>> On Nov 7, 2013, at 2:11 AM, Yaron Sheffer <[email protected]>
>> wrote:
>> 
>>> ... IIRC we published RFC 5903 using the old code points because
>>> there was no objection, i.e. no indication that people had
>>> deployed pre-errata 4753. Whether this was the right thing to do
>>> or not is not very interesting now.
>>> 
>>> So, seeing that people are slowly moving to ECC, I would like
>>> some input from the group on whether to progress RFC 5903. We
>>> will need to demonstrate implementation experience to do that.
>> 
>> "Slowly moving"?  I'm not sure they are moving at all.  It may be
>> there are implementations of IPSec/IKE with ECC, but I've never
>> encountered one in the wild.
> 
> Huh?
> 
> The VPN products from Cisco, Juniper and Check Point support them, as
> well as both StrongSwan and OpenSwan. I'm sure there are others as
> well.
> 
> Yoav

======================================================================
Andreas Steffen                         [email protected]
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec

Reply via email to