
Re: Draft Charter IPSEC WG



Rob Shirey, Hilarie Orman, Dave Crocker, Phil Karn, et al. all
responded to my call for having the IPSEC WG design both the network
layer security protocol and a key management protocol to accompany it.

As with many situations, our perceptions are formed by prior bad
experiences.  In this case, I think there are two relevant negative
examples.  In the case of PEM, the focus on a specific key management
protocol and accompanying policy added considerable time to the
development of the protocol.  I agree we want to avoid a similar delay
in the IPSEC WG.

Over in the OSI arena, it's my impression that SP3, SP4, NLSP and TLSP
have been bouncing around for a few years without culminating in a
usable protocol.  I'm under the impression that one missing ingredient
is the lack of a key management protocol to accompany the network or
transport layer protocol.  In my prior note, I had this example in
mind.

The goal for the IPSEC WG is to define a network layer security
protocol usable in the near future as part of the IP suite.  Splitting
off the key management part of the problem is fine as long as it gets
done.  I suppose we can punt and use manual key distribution
techniques in the short run or roll our own ad hoc techniques.  The
main thing is to get the network layer defined and to have a
reasonable path for getting the key management defined and deployed,
one way or the other.


Steve

