Dear audience,
Here is presented INSIDE Secure QuickSec IPsec toolkit and QuickSec VPNClient
answers to RFC 5996 and RFC 3948 questionnaires:
Answers to RFC5996 questionnaire:
---------------------------------
- Which of the IKEv2 exchanges you support:
- IKE_SA_INIT (includes support for SA, KE, Ni, Nr payloads)
All implemented and fully supported by QuickSec family of
products.
- IKE_AUTH (includes support for SK, IDi, IDr, AUTH, TSi, TSr
payloads)
All implemented and fully supported by QuickSec family of
products.
- CREATE_CHILD_SA
Supported by QuickSec family of products.
- INFORMATIONAL
Supported by QuickSec family of products.
- Which of the IKEv2 payloads your implementation supports
- CERT Certificate
- CERTREQ Certificate Request
- CP Configuration
- D Delete
- EAP Extensible Authentication
- N Notify
- V Vendor ID
All above are supported by QuickSec family of products.
- Which of the following processing semantics does your implementation support
(y/n):
- Can your implementation create a new child SAs with the
CREATE_CHILD_SA exchange?:
Yes, supported by QuickSec family of products.
- Can your implementation rekey an IKE SAs with the CREATE_CHILD_SA
Exchange?:
Yes, supported by QuickSec family of products.
- Can your implementation rekey a Child SAs with the CREATE_CHILD_SA
Exchange?:
Yes, supported by QuickSec family of products.
- Does your implementation support the INFORMATIONAL exchange?
Yes, supported by QuickSec family of products.
- Which of the IKEv2 authentication methods you support
- PKIX Certificates as specified in section 4
- Shared key authentication as specified in section 4
- Mixed authentication, where responder uses Certificates and
initiator uses shared key
All above are supported by QuickSec family of products.
-- Which of the usage scenarios does your implementation support (s1.1.1,
s1.1.2, and s1.1.3):
All scenarios supported by QuickSec family of products.
- What evidence do you have that your implementation can interoperate with
other implementations?
INSIDE Secure has always participated IPsec interoperability events, as
well, our QA for our implementation
has extensive interoperability tests using other vendor products.
- In your opinion, are there unused features in the RFC that greatly increase
implementation complexity?
No
- Errata was filed against RFC 5996 and has been included in
https://datatracker.ietf.org/doc/draft-kivinen-ipsecme-ikev2-rfc5996bis/; are
any of the
incorporated errata problematic for your implementation?
No
Answers to RFC3948 questionnaire:
---------------------------------
Here's a proposed set of question for RFC 3948 implementers:
The following questions document whether your implementation supports the
syntax and semantics of the protocol:
- Which of the following packet formats does your implementation support:
- UDP-Encapsulated ESP Header Format (y/n):
Y: Supported by QuickSec family of products.
- IKE Header Format for Port 4500 (y/n):
Y: Supported by QuickSec family of products.
- NAT-Keepalive Packet Format (y/n):
Y: Supported by QuickSec family of products.
- Which of the following encapsulation and decapsulation processing rules does
your implementation support:
- Auxiliary Processing
- Tunnel Mode Decapsulation NAT Procedure (y/n):
Y: Supported by QuickSec family of products.
- Transport Mode Decapsulation NAT Procedure (y/n):
Y: Supported by QuickSec family of products.
- Transport Mode ESP Encapsulation (y/n):
Y: Supported by QuickSec family of products.
- Transport Mode ESP Decapsulation (y/n):
Y: Supported by QuickSec family of products.
- Tunnel Mode ESP Encapsulation (y/n):
Y: Supported by QuickSec family of products.
- Tunnel Mode ESP Decapsulation (y/n):
Y: Supported by QuickSec family of products.
- Does your implementation support the NAT keepalive procedure? (y/n):
Y: Supported by QuickSec family of products.
The following questions document whether interoperability has been achieved as
well as other
intangibles the IESG will be interested.
- What evidence do you have that your implementation can interoperate with
other implementations?
INSIDE Secure has always participated IPsec interoperability events, as
well, our QA for our implementation
has extensive interoperability tests using other vendor products.
- In your opinion, are there unused features in the RFC that greatly increase
implementation complexity?
No
Additional information (optional):
Best Regards,
[cid:[email protected]]
Joonas Pylkkänen
Director R&D, Embedded Security Solutions
INSIDE Secure
[email protected]<mailto:[email protected]>
<<inline: image001.jpg>>
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
