Folks on this list may be interested in a new tech report:
Shreyas Srivatsan, Maritza Johnson, and Steven M. Bellovin. Simple-VPN:
Simple IPsec configuration. Technical Report CUCS-020-10, Department of
Computer Science, Columbia University, July 2010.
http://mice.cs.columbia.edu/getTechreport.php?techreportID=1433
The IPsec protocol promised easy, ubiquitous encryption. That has never
happened. For the most part, IPsec usage is confined to VPNs for road warriors,
largely due to needless configuration complexity and incompatible
implementations. We have designed a simple VPN configuration language that
hides the unwanted complexities. Virtually no options are necessary or
possible. The administrator specifies the absolute minimum of information: the
authorized hosts, their operating systems, and a little about the network
topology; everything else, including certificate generation, is automatic. Our
implementation includes a multitarget compiler, which generates
implementation-specific configuration files for three different platforms;
others are easy to add.
We hope to have the code up on Sourceforge soon.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
