Welcome to the latest issue of the VPNC Update. We hope you find the news in this issue valuable.
Happy new year! The VPN Consortium is happy to be starting its twelfth year of service, and look forward to providing more leadership in the virtual private network market, including much more interoperability testing.
Both the SSL VPN and IPsec VPN markets continued to thrive during 2009, and two new members joined VPNC in 2009. Our membership now stands at 26 companies, including nearly all the significant players in the IPsec and SSL VPN markets.
Interoperability logos for the increasingly-important IPv6 market were given to Juniper, Mocana, SafeNet, and Wind River. Multiple systems from NETGEAR received the Basic and/or AES interoperability logos for new IPsec systems. New SSL VPN logos went to Cyberoam. About a dozen systems which had significant software upgrades were re-tested and passed the tests. There are now 55 systems with interoperability logos actively being tested and retested in the VPNC lab.
VPNC's members saw the individual customer demand for IKEv2 continue to be much lower than earlier expected, but there are more long-range requirements that include IKEv2 coming from industry and government bodies. The systems that have received the VPNC IKEv2 Basic Interoperability logo are still mostly from OEMs, not commercial vendors; the good news is that the list continues to grow. As those requirements start being put into place, VPNC's members are expected to meet the demand by creating more systems that run both IKEv1 and IKEv2.
Looking forward, VPNC will start interoperability testing for use of certificates for mutual authentication in both IKEv1 and IKEv2. This decision is based on the fact that the future-looking requirements coming from industry and government bodies all require certificates, and some even prohibit use of pre-shared secret authentication.
VPNC held discussions with large VPN users during 2009 to assess what type of certificate testing would be most critical for them, given the wide range of testing areas. Most agreed that the place where interoperability was poorest was in specifying identifiers used in certificate authentication; this problem is described in detail in RFC 4945. Thus, VPNC's upcoming tests will focus on that aspect of interoperability in order to help VPN users assess the likelihood of interoperability between different vendors' systems. Look for news about the new logos in future editions of the VPNC Update.
This month, one member retested for VPNC Basic Interoperability, AES Interoperability, and IKEv2 Interoperability after updating their software:
See the VPNC testing page for full lists of all the VPNC members' products which have proven interoperability.
Cyberoam
Cyberoam UTM Extends The "Accelerator Series" With CR25ia and CR35ia
Cyberoam
Cyberoam UTM Signs Distribution agreement with MMS Secure
F5
F5 Networks Named Finalist in 2010 SC Magazine Awards Program
Juniper
Juniper Networks Extends Leadership in Network Security Markets
McAfee
McAfee, Inc. Recognized with Top Honors from Channel Insider and Business Solutions
Microsoft
New Forefront enterprise security solutions for safe, productive web surfing and remote access
Nortel
Nortel Completes Sale of Substantially All of Enterprise Solutions Business to Avaya
SonicWALL
SonicWALL Named Finalist for the 2010 SC Magazine Awards
WatchGuard
WatchGuard Immune from Latest SSL Vulnerability
The IKEv2 standard has been out for a few years, and vendors who have implemented it have found parts of the original specification, RFC 4306, to be confusing and incomplete. The IETF's IPsecME Working Group has been diligently fixing the specification (commonly called "IKEv2bis"), and that document is now in Working Group Last Call. All IKEv2 implementers are urged to read the current draft and to make comments in the Working Group. The next step after this is IETF Last Call, followed by a review by the IESG (the IETF's technical leadership), and then publication as a new RFC.
The VPNC Update is a low-volume, one-way newsletter to inform people about news in the VPN industry. Subscription is open to everyone, members and non-members alike. Previous issues of the newsletter can be found here. If you have questions about the content of VPNC Update, or suggestions or information for future issues, please send them to Paul Hoffman, VPNC's director.
To subscribe to this newsletter, send a message to
vpnc-update-request@vpnc.org
with the single word
subscribe
in the body of the message. To unsubscribe, send a message to
vpnc-update-request@vpnc.org
with the single word
unsubscribe
in the body of the message.
