...

-----Original Message----- From: Greg Bailey [SMTP:greg@minerva.com] Sent: Thursday, April 09, 1998 9:23 PM To: 'stuartj@packetengines.com' Cc: 'ATHENA Tech'; 'ark-gvb' Subject: RE: possible customer for a Forth box?

On Thu, 9 Apr 1998 15:12:17 -0700, Stuart Johnson <stuartj@packetengines.com> wrote:

...

i'm currently looking for a box or chipset that will encryption ethernet traffic at or near wire speed. does anyone know of such a thing? anyhelp will be greatly appreciated.

We might be able to help, but the above is not a complete problem statement. It could be read as use of Ether for a point to point connection between two machines with all traffic encrypted, which is a nice and simple key management problem. Or it might mean two or more boxes plugged into an Ethernet with only traffic between these pairs of boxes encrypted. This is a much harder key management problem and also is full of special cases such as some protocols (ARP for example) that must never be encrypted.

thanks all for the quick replies, for my needs a point to point connection is fine.

i've looked at a few things out there (netfortress, some bay routers) but they are all very slow, i'm looking for a wire speed implementation (100-1000Mb/s) is there anything out there in this arena? or do i have to make my own <g>. if i were to embark on building my own is there any body of work out there that would help me get a jump start? i have the LAN protocol knowledge but my crypto knowledge is limited to what i've read in Schneier.

Have you checked out RadGuard's cIPRO? It claims throughput of 100 Mbps and is IPSec-compliant, although I don't know which specific algorithms it supports. Mick Bauer Network Engineer, EXi Corp.