
Re: Draft Charter IPSEC WG




Steve,

My thoughts regarding the IPSEC WG were that, at a minimum, we would
have to identify the KM services required by the target protocol we
were describing.  This is essentially the approach taken with some of
the protocols you list for the network layer.  It is also the approach
being taken in other ongoing NLSP profiling activities.  Once the
requirements exist, then the question of whether we select/recommend/
develop an approach is a secondary issue.  I certainly hope/expect that
we will be able to adopt one of the current emerging standards.

A particular concern I have is the distinction between key management
in its simplest form (get the key to all the people (but only them)
that need it) and security association management.  For the candidate
class of security protocol we are describing, distribution of the key
is just one of the services required.  For all but the simplest cases,
it is necessary to negotiate service parameters as well as
identification and access control information.  Beyond addressing
conventions, the specification of these association parameters (and
how to authenticate them, if necessary) may be the largest open issue
the WG has to deal with.

Dave


