
Re[4]: Granularity of authentication in swIPe

Phil:

Thanks for clarifying your position.  I think that I understand it.

> The SAID is an especially sensitive issue with me since it has to be
> in every packet.  On the other hand, the use of sequence numbers could
> be negotiated on a per-SAID basis, which makes them less objectionable
> -- you can turn them off if you want.

My concern is that the SAID must be big enough to deal with broadcast and 
multicast keys in the entire Internet.  More and more applications take 
advantage of multicast, and I expect that trend to continue.  While the 
volume of broadcast and multicast traffic may not catch up to the volume of 
pairwise traffic, the IPSP must offer protection for it in a 
straightforward manner.

> I am not trying to solve every conceivable problem with IPSP. That's 
> how things like OSI come about. The Internet approach has always been
> to try first to solve 95% of the problems with only 5% of the
> effort. Then after we get some real world experience we can decide if
> the remaining 5% are worth solving, or whether they are even real or not.

I like the Internet engineering methodology, especially the part that
requires two independent, interoperable implementations before a protocol
can be called a standard.  I just happen to think that protecting broadcast
and multicast traffic is part of the 95% (not part of the 5%).

That said, let's argue about protocols and mechanisms, not standards 
development methodology.

Russ