If you have no interest in network encryption products or
hearing about a commercial product on this mailing list,
please delete this message.

SUN EXTENDS INTERNET/INTRANET SECURITY
TO END USER DEVICES

SKIP for Solaris Broadens the Range of Security
Offered by the SunScreen Product Line

MOUNTAIN VIEW, Calif. -- August 30, 1996 -- Sun Microsystems'
Internet Commerce Group today announced the availability of SKIP
(Simple Key management for IP) for the Solaris (TM) operating environment,
the most recent addition to its SunScreen family of security and
electronic commerce products. Based on SKIP, a stateless protocol
which provides data encryption and authentication of the IP traffic
stream, SKIP for Solaris is a software module which enables end user
devices such as remote clients, workstations, and servers to securely
conduct business over the Internet and corporate intranets.

Besides enabling point-to-point communication, SKIP for Solaris
also permits remote or mobile employees and customers to securely
communicate with protected corporate sites when used with any of the
existing SunScreen firewall products. For example, SKIP for Solaris
enables banking institutions to facilitate secure home banking
transactions with customers via the Internet. Telecommunications
companies can also benefit by gaining the ability to offer access to
value-added services over the Internet.

"SKIP for Solaris leverages Sun's networking expertise and
complements our existing family of firewall products," said Humphrey
Polanen, general manager of the Sun Internet Commerce Group (ICG).
"It's an integral part of a complete, scalable security solution that
decreases the total cost of ownership for virtual private networking.
By incorporating unique features such as multicast capability and rapid
in-line key update, we've proven that we understand the issues which
must be addressed in order to truly enable electronic commerce over the
Internet."

SKIP provides security transparently to users, and it enables
secure communication without requiring knowledge of SKIP and without
modifications to existing applications. The SKIP key management
protocol is a mature, lightweight, network-layer protocol supporting
multicast as well as unicast IPv4 and IPv6 addressing; automatic
certificate discovery; encryption algorithm discovery; and Perfect
Forward Secrecy (PFS). Multicast IP can be used to provide secure
broadcasts (such as video over IP) to groups of users. Automatic
certificate discovery lets SKIP hosts exchange public-key certificates
without the need for manual intervention or floppy-swapping. Perfect
Forward Secrecy (PFS) provides security for past network traffic, even
if long-term keys are stolen or compromised.

The SKIP rapid in-line update of the keys used for traffic
encryption provides one of the highest levels of security currently
available for implementation on end system devices. SKIP changes the
encryption keys every 30 seconds or 500 kbytes by default to minimize
the amount of network data encrypted with a single key. This
significantly reduces the amount of data sacrificed in the instance
that an unauthorized party gains access to one of the keys.
Additionally, SKIP in-line key updates work even over uni-directional
links, such as IP delivered by satellite or cable broadcast. SKIP
encryption may coexist with other popular application encryption
schemes such as PGP, PEM, and SSL.

Pricing and Availability

SKIP for Solaris will be available on August 30 in three versions:
512-bit (global availability); 1024-bit (exportable for financial
institutions for financial transactions and to foreign subsidiaries of
U.S. chartered companies); and 2048-bit (domestic use only). Pricing
ranges from $99 for a single-user license to $10/copy for volumes of
5K-10K licenses. For additional information, please call (800)
820-9995 or send e-mail to SunScreen@incog.com.

SKIP for PC, which will be compatible with most commercial
TCP/IP stacks available for Microsoft Windows 3.x, Windows 95, and
Windows NT, will be commercially available later in the year.

End End End End End End End End End End End End End End End End End End

Here is what the different flavors will contain

Global Version:
Diffie-Hellman operation limited to 512 bits
DES and RC2-40 allowed for key encryption
RC2-40 and RC4-40 allowed for traffic encryption

Export Controlled Version:
Diffie-Hellman operation limited to 1024 bits
DES and RC2-40 allowed for key encryption
DES, RC2-40 and RC4-40 allowed for traffic encryption

US & Canada Domestic Use Only Version:
Diffie-Hellman operation unlimited (currently 2048 bits)
Triple-DES, DES, Safer 128SK, and RC2-40 for key encryption
Triple-DES, DES, Safer 128SK, RC2-40 and RC4-40 for traffic

You can also check out http://incog.com

giff