
Re: IPSP negotiation




It is not clear to me that "negotiation is cheap" in all cases, but it
seems clear that some (not yet fully determined) amount of negotiation
will be required in the world-wide Internet.  Algorithms are one thing
that clearly will need to be negotiated because not everyone will want
to use DES-CBC.

Certain other things will need to be _communicated_ between the parties
but might not need to be _negotiated_.  Sensitivity level might be
one of these items.

I know that at least Steve Bellovin and Steve Kent have some set of
items that each thinks probably should be negotiable.  I think that
the newly formed key management group should probably try to reach
rough consensus on which items need to be negotiable early on in their
work.

I don't think many people would argue against (1) trying to keep the
negotiable items minimised and (2) trying to keep the negotiation
process simple.

Ran
atkinson@itd.nrl.navy.mil

PS:
 In the IPv6 Implementers Meeting in Toronto on the morning of 7/29,
an early implementer of the IPv6 Authentication Header reported that a
well known commercial 64-bit RISC processor could only process about
20 Mbps through MD5.  I hope that we'll see MD5 hardware soon to
increase the processing rate.  However, the implementers all wanted to
explore alternatives to MD5 that would be faster (100 Mbps on a RISC
processor would be nice to have so that FDDI line rates and near ATM
line rates are practical) and yet provide authentication adequate for
commercial users.  All suggestions on alternate algorithms are
welcome, preferably with citations into the published literature.


