Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!metro!metro!asstdc.scgt.oz.au!nsw.news.telstra.net!act.news.telstra.net!psgrain!iafrica.com!pipex-sa.net!plug.news.pipex.net!pipex!hole.news.pipex.net!pipex!oleane!jussieu.fr!math.ohio-state.edu!cs.utexas.edu!uwm.edu!spool.mu.edu!usenet.eel.ufl.edu!news.ultranet.com!zombie.ncsc.mil!news.mathworks.com!newsfeed.internetmci.com!uuneo.neosoft.com!bonkers!not-for-mail
From: ISAKMP+Oakley Maintainer <isakmp-oakley@cisco.com>
Newsgroups: comp.unix.bsd.freebsd.announce
Subject: Free Internet Key Management software
Date: 1 Aug 1996 23:46:49 -0500
Organization: cisco Systems, Inc., Menlo Park, Ca.
Lines: 65
Sender: daemon@taronga.com
Approved: peter@taronga.com
Message-ID: <4ts17p$8hl@bonkers.taronga.com>
NNTP-Posting-Host: localhost.taronga.com
Summary: Free Internet Key Management Software
Keywords: cisco, NRL, PF_KEY, ISAKMP, Oakley, IETF, IPsec, security, BSD, TLS

Cisco Systems is pleased to announce the release of the next version of their ISAKMP+Oakley Internet key management daemon. This software distribution is being made available free of charge for any commercial or non-commercial use to advance ISAKMP and Oakley as a solution to Internet Key Management.

The "Internet Security Association & Key Management Protocol (ISAKMP)" is a leading proposal within the IETF to provide standard key management for Internet protocols, including IP Security (IPsec) and also for other network layers such as Transport-Layer Security (TLS). ISAKMP provides a scalable, flexible, and secure mechanism for establishing Security Associations among a set of communicating network parties.

The "Oakley Session Key Exchange (Oakley)" provides a hybrid Diffie-Hellman session key exchange for use within the ISAKMP framework. Oakley provides the important property of "Perfect Forward Secrecy", among other attributes.

ISAKMP and Oakley are documented online in the Internet Draft archives, for example at:

    ftp://ds.internic.net/internet-drafts/draft-ietf-ipsec-isakmp-05.txt
    ftp://ds.internic.net/internet-drafts/draft-ietf-ipsec-oakley-*.txt
    ftp://ds.internic.net/internet-drafts/draft-ietf-ipsec-isakmp-oakley-01.txt

Major changes from the previous cisco ISAKMP+Oakley version include:

* Compliance with draft-ietf-ipsec-isakmp-oakley-01.txt
* HMAC-MD5 ("derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm") and HMAC-SHA support.
* Colin Plumb's BigNum multiprecision integer library.
* truerand() random number generator by Don Mitchell and Matt Blaze.

The software can be obtained by pointing your favorite web browser to

    http://www.cisco.com/public/library/isakmp/isakmp.html

and following the hot links. In the near future, the software will also be available from

    http://web.mit.edu/network/isakmp/

This software is export controlled under US laws and so is not available overseas.

This key management daemon uses the PF_KEY Key Management API to register with a kernel which has implemented this API and the surrounding key management infrastructure. The NRL IPsec software distribution (currently bundled with IPv6, but provides IPsec for IPv4 and IPsec for IPv6 as well) is such an implementation. There are reports that recent versions of FreeBSD also support PF_KEY. Security associations negotiated by the ISAKMP daemon are inserted into the kernel's Key Engine and are available for use by its IETF-standard AH/ESP security mechanisms. To facilitate use of this ISAKMP daemon, the NRL IPsec+IPv6 distribution for BSD is also being made available at the same URLs described above.

This distribution comes with a cryptographic library from Cylink Corporation. Cylink has granted Cisco the right to offer this library-- source code to the Diffie-Hellman key exchange, the Digital Signature Standard, and the Digital Encryption Standard-- to all third parties on a royalty-free basis for use only with this ISAKMP reference implementation.

Note: Both the BigNum package and the cryptographic library come with exercise routines to validate each package. If errors occur and the respective README is not helpful, please contact the mailing list below for help. If either the BigNum package or the cryptographic library is not in full working order, the ISAKMP daemon will not work properly.

----------------------------------------------------------------------
A mailing list for problems, bug fixes, porting changes, and general discussion of ISAKMP and Oakley has been established:

    Postings:      <isakmp-oakley@cisco.com>
    Administrivia: <majordomo@cisco.com>
----------------------------------------------------------------------