swIPe

[Perry E. Metzger]

alex says:
> The other day, while I was poking around the C'Punk FTP site, I ran 
> across swIPe, the low-level network security protocol by Matt Blaze and 
> John Ioannidis.

The code is just by JI, actually. Phil Karn has done a seperate
experimental implementation

> I'm not as knowledgeble as many of the people here, but swIPe strikes me 
> as "The Right Way" to apply crypto to net-communications.  Instead of 
> having secure email, secure mosaic, secure telnet, etc., you have secure IP 
> traffic.  It's comparatively simple, it's very flexible, and it's 
> transparent.

Its sufficient for all protocols on which authentication and
encryption have to be done on the link -- things like Telnet, for
example. For things like Email, its not adequite, because the store
and forward nature of the data means that you need authentication over
the data and not over the link.

> I haven't heard much about swIPe, and I was wondering if someone could 
> bring me up to speed on it, let me know the status of the project, the 
> conventional wisdom, etc.  In particular, I'd like to know if anyone uses 
> swIPe with Linux.

There is a (moribund) mailing list, swipe-request at cs.columbia.edu will
get you on to it. There is also a successor protocol that has been
developed by the IETF's IPSEC working group, called IPSP, which is
essentially a simplification of swIPe; I'm editing the draft RFCs.

Perry