VPN technology is a key enabler for end-user security in insecure environments. Vita aims to achieve high performance (beyond 10G speeds) on commodity server hardware. Vita is intended to be simple in terms of both code and deployment, and non-invasive to deploy in existing networks. Vita also strives to be affordable, in terms of both energy footprint and cost of maintenance: its goal is to make the best possible use of commodity hardware while remaining easy to deploy safely.

Why does this actually matter to end users?

<img src="vita-sketch.png" alt="Vita components" style="width: 90%">


<ul>
<li>Runs on commodity hardware</li>
<li>Implements IPsec for IPv4, specifically <em>IP Encapsulating Security Payload</em> (ESP) in tunnel mode (audit needed)</li>
<li>Uses optimized AES-GCM 128-bit encryption based on a reference implementation by <em>Intel</em> for their AVX2 (generation-4) processors</li>
<li>Suitable for 1-Gigabit, 10-Gigabit (and beyond?) Ethernet</li>
<li>Automated key exchange and rotation, with perfect forward secrecy (PFS) (audit needed)</li>
<li>Dynamic reconfiguration (update routes while running)</li>
<li>Strong observability: access relevant statistics of a running Vita node</li>
</ul>

"Vita" is supported by NLnet and the Internet Hardening Fund.