Stephen D. Williams writes:
I would like some summary opinions of the state of various efforts to enable full IP encryption. I'm looking for progress reports and hints as to which technologies are the closest to being implementable.
The implementation efforts are in full swing. At the last IETF meeting in Stockholm, Steve Crocker challenged the community to have IPSEC in place and available in time for the Dallas meeting in December. There is now a mailing list for those actively working on the implementation efforts and a good deal of effort is being expended. In fact, I took off this month more or less so that I could work full time on implementation.
I haven't kept up on IPng6 docs, so succinct pointers would be helpful.
The actual RFCs were submitted to the RFC editor over the last day or so, so there should be real RFCs to quote shortly. However, for the moment, check out draft-ietf-ipsec-* in the nearest internet-drafts depository. ds.internic.net:/internet-drafts/ is probably a reasonable spot.
One interesting tact might be to start running a dual IPng6/IP stack where it learns to tunnel packets over a well-known IP udp/tcp link if an address doesn't respond to IPng6.
You don't need to use IPv6 for the security, by the way -- its defined to work on either. If you want, of course, I'm sure the v6 folks would love a Linux v6 stack to show up soon... Perry