Great Circle Associates Firewalls
(August 1996)

Subject: Re: Firewall Encryption Standard
From: Jerry Mendes <mendes@garnet.berkeley.edu>
Date: Sun, 25 Aug 1996 00:54:49 -0700
To: "William Hinton" <hintonw@ditco.disa.mil>
Cc: Firewalls@GreatCircle.COM

At 03:30 PM 8/23/96 cst, William Hinton wrote:
>     Does anyone know of a current or proposed encryption standard that 
>     would allow multi-vendor firewalls to encrypt data between each
>     other?

Funny thing is, there are at least a couple of emerging standard solutions
to your question.  The IP Security Working Group (IPSec WG) of the Internet
Engineering Task Force has been at work on providing both very strong
authentication and very strong security to IP packets for at least a couple
of years.  RFC1825 gives a good overview of what's planned, and although not
all details are pinned down, there is consensus on most issues.

The encryption standard will be CBC mode DES with 56 bit keys.  Sender and
receiver will exchange new keys every 30 minutes, using something like RSA.
The major stumbling block is lack of agreement on how to do the key
management without specifying a vendor-proprietary scheme which everyone
else will have to license.  If you want to see the gory detail of the
discussion, subscribe to the IPSec email distribution at:

        ipsec-request@ans.net

In the body of the message, include the following:

        subscribe ipsec

Now I should qualify everything I've just said.  None of this specifically
addresses firewalls.  The IP Security software will be in each host; the
presence or absence of firewalls in this architecture is unimportant (except
that firewalls will have to recognize the special IP Security information in
the IP header).  Each host will be responsible for including in the IP
header information to authenticate the packet and, if encryption is used, to
find the security associations necessary to decrypt.  I notice you're at a
military location.  A good deal of the work in IP Security was done by a
number of individuals at the U.S. Naval Research Labs in the D.C. area.

Good luck.

Jerry Mendes, Principal Consultant
DataComm Insights, Mill Valley, California

(415) 381-5500

mendes@garnet.berkeley.edu
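The "special IP Security information" the message says a firewall must recognize, as an added example that is not part of the original post or the list archive: a small Python parser that pulls the Security Parameters Index (SPI) out of an AH or ESP packet, assuming the header layouts of RFC 1826 (AH) and RFC 1827 (ESP), run over constructed sample packets. It records why a port-based filter can still see the upper-layer header behind AH but nothing past the SPI behind ESP.

```python
import struct

IPPROTO_ESP = 50  # Encapsulating Security Payload (RFC 1827)
IPPROTO_AH = 51   # Authentication Header (RFC 1826)


def ipv4(proto: int, payload: bytes, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02") -> bytes:
    """Build a minimal IPv4 header (constructed sample; checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload


def classify_ipsec(packet: bytes) -> dict:
    """Report what a packet filter can still see once AH or ESP is in use."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    info = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])), "proto": proto}
    if proto == IPPROTO_AH:
        # AH: next header, auth-data length in 32-bit words, reserved, SPI, auth data.
        # The upper-layer header follows in the clear, so ports are still filterable.
        next_hdr, ad_words, _reserved, spi = struct.unpack("!BBHI", body[:8])
        info.update(mode="AH", spi=spi, next_header=next_hdr,
                    inner=body[8 + ad_words * 4:], inner_visible=True)
    elif proto == IPPROTO_ESP:
        # ESP: only the SPI is in the clear; the rest is opaque transform data
        # (DES-CBC ciphertext in the scheme the message describes), so a firewall
        # can select the security association but cannot see ports or payload.
        (spi,) = struct.unpack("!I", body[:4])
        info.update(mode="ESP", spi=spi, inner_visible=False)
    else:
        info.update(mode="plain", inner=body, inner_visible=True)
    return info


# Constructed samples: an ESP packet with SPI 0x1001 and 16 bytes of stand-in
# ciphertext, and an AH packet with SPI 0x2002 protecting a TCP header (ports 80 -> 8080).
ESP_PACKET = ipv4(IPPROTO_ESP, struct.pack("!I", 0x1001) + b"\x9f" * 16)
AH_PACKET = ipv4(IPPROTO_AH, struct.pack("!BBHI", 6, 3, 0, 0x2002)
                 + b"\x00" * 12 + struct.pack("!HH", 80, 8080))

if __name__ == "__main__":
    for pkt in (ESP_PACKET, AH_PACKET):
        print(classify_ipsec(pkt))
```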
