VPNC members | Features chart | Mailing list | Join VPNC
Conformance testing | VPN standards | VPN white papers
Interoperability | IPsec archives | Definitions | IETF novice guide
VPN meetings | VPN bakeoff | VPNC home
Welcome to the latest issue of the VPNC Update. We hope you find the news in this issue valuable.
This month, one VPNC member successfully finished their testing for Basic
conformance:
Please see the VPNC conformance page for a complete list of vendors who have received the VPNC conformance logos in all categories.
2002 will prove to be a very important year for the IPsec market. The VPN market continues to grow and to spread to new areas and IPsec, the underlying technology for VPNs, also continues to mature. VPN vendors are placing more emphasis on interoperability and reliability, and upcoming changes to the IPsec protocols should help in both of those areas.
The portion of IPsec that has caused the most problems with interoperability and reliability is IKE, the key-exchange protocol that is the beginning of almost every IPsec session. Because of this, the IPsec Working Group in the IETF has decided to create a successor to IKE that will incorporate the lessons from the past few years. The work has already begun, and three proposals (called "IKEv2", "JFK", and "SIGMA") were discussed at the Working Group's meeting last month in Salt Lake City. In addition, a requirements document that will help focus the discussion is also being discussed.
The first versions of the three proposals have different design and security properties. For example, the proposals differ in how and when the identities of each side of the negotiation is revealed; this in turn changes the security properties of the protocols against various attacks from people trying to find out who is communicating. Another significant area where the proposals differ is in how many of the concepts and structures of current IKE are reused in the new protocols.
The authors of the three proposals have already started working together to modify their proposals based on each other's work. As the Working Group starts to make it clear what features are needed and not needed in the successor to IKE, the proposals will probably change. It is widely hoped that the Working Group can settle on a single proposal by the middle of the year, meaning that the final proposal might be finished by the end of this year and deployed next year.
The slides from the presentations in Salt Lake City for the three proposals can be found on the VPNC archive of the IPsec WG mailing list.
Alcatel
InfoExpress and Alcatel Announce Security Technology Alliance
Asita
Asita Technologies Launches New Functionality To Its Linespeed 5
Asita
Asita Technologies Expands Presence Globally To Support Enterprise And
Service Provider Companies
Check Point Software
Nokia and Check Point Expand Global Strategic Alliance
Check Point Software
Check Point Introduces VPN-1/FireWall-1 XL Delivering
Multi-Gigabit Performance
Cisco
Cisco Enhances Industry-Leading VPN Solutions
Enterasys
Enterasys' Aurorean VPN Technology Opens Up The World of Secure On-line
Storage
Fortress Technologies
Fortress Launches Wireless Security System
Hifn
Samsung Plans to Adopt Hifn Security for Its Networking Chip Sets
Hifn
Hifn Samples Security Processors for Multi-Gigabit Network Applications
Nokia
Nokia and Check Point Expand Global Strategic Alliance
Nokia
Nokia and F5 Networks Partnership Delivers Industry-Leading Internet
Traffic Management Solutions
RSA Security
RSA Security Announces Newest Versions of PKI Software to Help Drive
E-Business Initiatives
SafeNet
SafeNet Announces VPN Client Software for Palm Powered Handhelds
SafeNet
SafeNet Acquires Securealink To Increase Worldwide Innovation in Silicon
Security Solutions
SecGo Solutions
SecGo Solutions to provide a secure remote access solution for
D-TRUST
SSH Communications Security
Nokia Networks Expands Utilization of SSH's IPsec Technology in Securing
Mobile Network Solutions
SSH Communications Security
NetOctave Chooses SSH IPSEC Express for High-Speed Security
Processors
V-ONE
V-ONE Introduces New Line of SmartGuard Appliances
The IETF's IPsec Working Group met last month to discuss a wide variety of topics. While much of the meeting was focused on the successor to IKE (see above), another important topic that came up was other Internet protocols that rely on IPsec. The WG heard a presentation about iSCSI, a technology that is rapidly becoming extremely important for network storage, and its reliance on IPsec for security. iSCSI is expected to replace Fibre Channel as the major protocol for network storage in coming years due to its higher speed and flexibility.
iSCSI raises some interesting issues for IPsec, specifically with respect to rekeying of security associations. iSCSI will run at speeds of tens of gigabits per second, which will cause some implementations to need to rekey IPsec much more often than typical VPNs need to. Proposed changes to ESP, which have been recently proposed in the WG, will help alleviate this need, but current iSCSI implementations may be hampered by this. It is clear that the IPsec and iSCSI communities will have to work together on the protocols to make sure that IPsec will be useful to the network storage market.
The Tolly Group is hosting a webcast on January 23. The Impact of Security Processing on Firewall/VPN Performance is co-sponsored by VPNC member Nortel.
One of the larger networking conferences is the annual ComNet, held in Washington DC January 28-31, 2002. This year's event includes a debate-style "VPN Showdown". While not as huge and Networld+Interop, ComNet attracts a sizable audience, and many VPNC members will be exhibiting.
The VPNC Update is a low-volume, one-way mailing list to inform people about news in the VPN industry. Subscription is open to all, members and non-members. If you have questions about the content of VPNC Update, or suggestions or information for future issues, please send them to Paul Hoffman, VPNC's director.
To subscribe to this mailing list, send a message to
vpnc-update-request@vpnc.org
with the single word
subscribe
in the body of the message. To unsubscribe, send a message to
vpnc-update-request@vpnc.org
with the single word
unsubscribe
in the body of the message.