On Sun, 20 Jul 1997, Alexander Meau wrote:
> What is swIPe ?
I forgot there's a paper on swIPe by Ioannidis and Blaze. Here's their
abstract of their paper on the topic:
swIPe is a network-layer security protocol for the IP protocol suite. This
paper presents the architecture, design philosophy, and performance of an
implementation of swIPe under several variants of Unix. swIPe provides
authentication, integrity, and confidentiality of IP datagrams, and is
completely compatible with the existing IP infrastructure. To maintain
this compatibility, swIPe is implemented using an encapsulation protocol.
Mechanism (the details of the protocol) is decoupled from policy (what and
when to protect) and key management. swIPe under Unix is implemented using
a virtual network interface. The parts of the implementation that process
incoming and outgoing packets are entirely in the kernel; parameter
setting and exception handling, however, are managed by user-level
processes. The performance of swIPe on modern workstations is primarily
limited only by the speed of the underlying authentication and encryption
algorithms; the mechanism overhead is negligible in our prototype.
Neil D. Quiogue
IPhil Communications Network, Inc.
e-mail: neil @