From Paul_Lambert@poncho.phx.sectel.mot.com Tue Feb 2 04:51:27 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA18810 (5.65c/IDA-1.4.4 for ); Tue, 2 Feb 1993 13:44:00 -0500 Received: from motgate.mot.com by interlock.ans.net with SMTP id AA12459 (InterLock SMTP Gateway 1.1 for ); Tue, 2 Feb 1993 13:41:58 -0500 Received: from pobox.mot.com ([129.188.137.100]) by motgate.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA00117; Tue, 2 Feb 1993 12:42:17 -0600 Received: from phx.sectel.mot.com ([192.94.147.2]) by pobox.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA16974; Tue, 2 Feb 1993 12:42:15 -0600 Received: from poncho.phx.sectel.mot.com by phx.sectel.mot.com (4.1/SMI-4.1) id AA12780; Tue, 2 Feb 93 11:40:57 MST Received: from SECTEL (QM 2.5.1) by poncho.phx.sectel.mot.com (SMTP\QM 1.1.3) id AA32303; Tue, 2 Feb 1993 11:51:34 MST Message-Id: <00112.2811498694.32303@poncho.phx.sectel.mot.com> X-Charset: MACINTOSH To: ipsec@ans.net (ip security mailing list) From: Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) Date: Tue, 2 Feb 1993 11:51:27 MST Subject: Amsterdam? Subject: Amsterdam? Message: IPSEC'ers The March meeting will be upon us soon. If anyone has a specific presentation or topic they would like on our agenda, please let me know soon. For now, we will be reserving only one WG session. Will this one session (2 hours) be enough for our discussions? Also, is anyone interested in a IPSEC working group session in Amsterdam? Paul From shirey@mitre.org Tue Feb 2 11:58:09 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA30162 (5.65c/IDA-1.4.4 for ); Tue, 2 Feb 1993 17:35:02 -0500 Received: from mwunix.mitre.org by interlock.ans.net with SMTP id AA04108 (InterLock SMTP Gateway 1.1 for ); Tue, 2 Feb 1993 17:34:04 -0500 Return-Path: Received: from smiley.mitre.org.sit (smiley.mitre.org) by mwunix.mitre.org (5.65c/SMI-2.2) id AA24609; Tue, 2 Feb 1993 17:34:44 -0500 Received: from [128.29.140.100] (shirey-mac.mitre.org) by smiley.mitre.org.sit (4.1/SMI-4.1) id AA15438; Tue, 2 Feb 93 16:56:40 EST Message-Id: <9302022156.AA15438@smiley.mitre.org.sit> Date: Tue, 2 Feb 1993 16:58:09 -0500 To: Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) From: shirey@mitre.org (Robert W. Shirey) X-Sender: shirey@smiley.mitre.org (Unverified) Subject: Re: Amsterdam? Cc: ipsec@ans.net (ip security mailing list) I don't see why there should not be normal, continuing meetings of the existing working groups in Amsterdam. If there are not, then it is not an IETF and there is no point to all of us going. If the reason is that people can't go just because it is overseas, that information needs to be give to the IESG. From Paul_Lambert@poncho.phx.sectel.mot.com Tue Feb 2 08:46:30 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA65713 (5.65c/IDA-1.4.4 for ); Tue, 2 Feb 1993 17:44:15 -0500 Received: from motgate.mot.com by interlock.ans.net with SMTP id AA04145 (InterLock SMTP Gateway 1.1 for ); Tue, 2 Feb 1993 17:43:02 -0500 Received: from pobox.mot.com ([129.188.137.100]) by motgate.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA11372; Tue, 2 Feb 1993 16:43:20 -0600 Received: from phx.sectel.mot.com ([192.94.147.2]) by pobox.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA03672; Tue, 2 Feb 1993 16:43:18 -0600 Received: from poncho.phx.sectel.mot.com by phx.sectel.mot.com (4.1/SMI-4.1) id AA13879; Tue, 2 Feb 93 15:42:00 MST Received: from SECTEL (QM 2.5.1) by poncho.phx.sectel.mot.com (SMTP\QM 1.1.3) id AA32361; Tue, 2 Feb 1993 15:51:20 MST Message-Id: <00112.2811513080.32361@poncho.phx.sectel.mot.com> X-Charset: MACINTOSH To: ipsec@ans.net (ip security mailing list) From: Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) Date: Tue, 2 Feb 1993 15:46:30 MST Subject: FWD>IPSEC- IPSEC- March IET From INTERNET FWD>IPSEC: IPSEC- March IETF- D The IPSEC Working Group will meet: WEDNESDAY, March 31, 1993 9:30-12:00 noon during the Twenty-Sixth IETF in Ohio. Paul From Paul_Lambert@poncho.phx.sectel.mot.com Tue Feb 2 09:36:34 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA61245 (5.65c/IDA-1.4.4 for ); Tue, 2 Feb 1993 18:46:23 -0500 Received: from motgate.mot.com by interlock.ans.net with SMTP id AA07293 (InterLock SMTP Gateway 1.1 for ); Tue, 2 Feb 1993 18:45:25 -0500 Received: from pobox.mot.com ([129.188.137.100]) by motgate.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA13923; Tue, 2 Feb 1993 17:45:45 -0600 Received: from phx.sectel.mot.com ([192.94.147.2]) by pobox.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA07346; Tue, 2 Feb 1993 17:45:42 -0600 Received: from poncho.phx.sectel.mot.com by phx.sectel.mot.com (4.1/SMI-4.1) id AA13957; Tue, 2 Feb 93 16:44:24 MST Received: from SECTEL (QM 2.5.1) by poncho.phx.sectel.mot.com (SMTP\QM 1.1.3) id AA32371; Tue, 2 Feb 1993 16:54:59 MST Message-Id: <00112.2811516899.32371@poncho.phx.sectel.mot.com> X-Charset: MACINTOSH To: shirey@mitre.org (Robert W. Shirey) Cc: ipsec@ans.net (ip security mailing list) From: Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) Date: Tue, 2 Feb 1993 16:36:34 MST Subject: Re: >Amsterdam? Reply to: RE>>Amsterdam? >I don't see why there should not be normal, continuing meetings of the >existing working groups in Amsterdam. If there are not, then it is not an >IETF and there is no point to all of us going. If the reason is that >people can't go just because it is overseas, that information needs to be >give to the IESG. Rob, I agree, but currently only a fraction of all working groups have committed themselves to meeting in Amsterdam. If you are interested in which groups are currently planning to meet this information was posted by Megan: >I have placed a draft agenda for Amsterdam in the remote >directories under 0mtg-agenda.ams.txt I'm sure that after the Ohio meeting more groups will sign up for Amsterdam. Paul From Paul_Lambert@poncho.phx.sectel.mot.com Wed Feb 10 04:06:55 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA04984 (5.65c/IDA-1.4.4 for ); Wed, 10 Feb 1993 13:02:51 -0500 Received: from motgate.mot.com by interlock.ans.net with SMTP id AA03655 (InterLock SMTP Gateway 1.1 for ); Wed, 10 Feb 1993 13:00:50 -0500 Received: from pobox.mot.com ([129.188.137.100]) by motgate.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA19603; Wed, 10 Feb 1993 12:01:08 -0600 Received: from phx.sectel.mot.com ([192.94.147.2]) by pobox.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA02382; Wed, 10 Feb 1993 12:01:05 -0600 Received: from poncho.phx.sectel.mot.com by phx.sectel.mot.com (4.1/SMI-4.1) id AA27037; Wed, 10 Feb 93 11:01:08 MST Received: from SECTEL (QM 2.5.1) by poncho.phx.sectel.mot.com (SMTP\QM 1.1.3) id AA32828; Wed, 10 Feb 1993 11:10:45 MST Message-Id: <00112.2812187445.32828@poncho.phx.sectel.mot.com> X-Charset: MACINTOSH To: ipsec@ans.net (ip security mailing list) From: Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) Date: Wed, 10 Feb 1993 11:06:55 MST Subject: IPSEC Reference Documents IPSEC Reference Documents IPSECers I've just received the latest copy of: ISO-IEC DIS 11577, Information Technology - Telecommunications and Information Exchange Between Systems - Network Layer Security Protocol, November 29, 1992. I'll send out copies to anyone in the group that wants a copy. Just send me a note with your snail-mail address. Paul From lambert@phx.sectel.mot.com Mon Feb 15 09:18:07 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA20064 (5.65c/IDA-1.4.4 for ); Mon, 15 Feb 1993 18:20:10 -0500 Received: from motgate.mot.com by interlock.ans.net with SMTP id AA25150 (InterLock SMTP Gateway 1.1 for ); Mon, 15 Feb 1993 18:18:42 -0500 Received: from pobox.mot.com ([129.188.137.100]) by motgate.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6 for ) id AA05002; Mon, 15 Feb 1993 17:18:29 -0600 Received: from phx.sectel.mot.com ([192.94.147.2]) by pobox.mot.com with SMTP (5.65c/IDA-1.4.4/MOT-2.6) id AA10978; Mon, 15 Feb 1993 17:18:26 -0600 Received: from oasis.sectel by phx.sectel.mot.com (4.1/SMI-4.1) id AA07015; Mon, 15 Feb 93 16:18:07 MST Date: Mon, 15 Feb 93 16:18:07 MST From: lambert@phx.sectel.mot.com (Paul Lambert) Message-Id: <9302152318.AA07015@ phx.sectel.mot.com> To: big-Internet@munnari.oz.au, atkinson@tengwar.itd.nrl.navy.mil Subject: Re: Metro addressing & Re: Address uniqueness Cc: ipsec@ans.net Ran, I have just a small clarification on your comments on network security protocols. > II. > On an unrelated note, let me explain quickly why security folks like > to have unique absolute addresses. The term "EID" means different > things to different people and so I'm not going to try to talk in > terms of EIDs here. I also still don't fully understand all parts of > PIP so I won't address it here either. PIP appears to be non-trivial > to secure, but perhaps that is because I don't understand PIP well > enough. > > The existing security protocols (SP3 and ISO NLSP) use frame > encapsulation to provide protection; I won't address either > specifically, but will try to describe a generic process. One takes > the real network layer datagram and protects using a transformation > that is reversible and provides some security properties (e.g. > confidentiality, authentication, integrity). One then treats the > output of that transformation as payload and puts it into a new > network layer datagram with a normal unprotected network header. > The protected information _cannot_ be modified or altered whilst in > transit without that modification causing the back transformation to > fail. The information in the unprotected header should not be > altered whilst in transit (except maybe a TTL field). At the receive > end, the protected data is transformed back into normal form for > processing. However the process of unprotecting it might rely on the > values of fields in the unprotected header to give clues as to how to > unprotect it (e.g. data from system A might use one kind of > transformation while data from system B might use a different kind of > transformation). > > Ran > atkinson@itd.nrl.navy.mil > Both SP3 (Security Protocol Layer 3) and NLSP (Network layer Security Protocol - ISO-IEC 11577) have variable length fields that are used to determine how a datagram should be unprotected. The Security Association Identifier (SAID, Key ID in SP3) determines the algorithm, cryptographic key, and all other information required to decrypt the protected information. These protocols do not rely on any information from lower layers. Except, ... for a mutant option of connection-oriented NLSP that uses the address information from an X.25 connection to determine the "security association". Paul From shirey@mitre.org Thu Feb 25 12:30:59 1993 Received: from interlock.ans.net by nis.ans.net with SMTP id AA46621 (5.65c/IDA-1.4.4 for ); Thu, 25 Feb 1993 17:30:06 -0500 Received: from mwunix.mitre.org by interlock.ans.net with SMTP id AA20198 (InterLock SMTP Gateway 1.1 for ); Thu, 25 Feb 1993 17:27:51 -0500 Return-Path: Received: from smiley.mitre.org.sit (smiley.mitre.org) by mwunix.mitre.org (5.65c/SMI-2.2) id AA21927; Thu, 25 Feb 1993 17:28:32 -0500 Received: from [128.29.140.100] (shirey-mac.mitre.org) by smiley.mitre.org.sit (4.1/SMI-4.1) id AA18376; Thu, 25 Feb 93 17:28:16 EST Message-Id: <9302252228.AA18376@smiley.mitre.org.sit> Date: Thu, 25 Feb 1993 17:30:59 -0500 To: ipsec@ans.net (ip security mailing list), Paul_Lambert@poncho.phx.sectel.mot.com (Paul Lambert) From: shirey@mitre.org (Robert W. Shirey) X-Sender: shirey@smiley.mitre.org Subject: Re: IPSEC Reference Documents Please do send a copy if you have not already. Regards, -Rob- Robert W. Shirey, The MITRE Corporation, Mail Stop Z202 7525 Colshire Dr., McLean, Virginia 22102-3481 USA shirey@mitre.org * tel 703-883-7210 * fax 703-883-1397