
What should we do first




Juan put it very well: we need to focus and standardize _real_soon_ a module
that would allow secure IP-layer security. Jeff Schiller put it to us very
clearly in the last IETF: `... the internet is bleeding'. This is a critical
problem which is a major concern to many of our customers. In the higher
layers, there would probably be a proliferation of techniques, regardless
of our efforts to standardize - where this proliferation is the result
of existing systems, efficiency, licensing, and many other reasons some
of which are even justified...

It is up to us - IP-SEC and IKMP working groups - to create the security
equivalent of IP: a small protocol that would enable interoperability.
Let's work together to make it happen.

Best, Amir Herzberg

------- Forwarded Message

Message-Id: <199411092226.AA33991@interlock.ans.net>
Date: Wed, 9 Nov 94 17:26:40 EST
From: "Juan A. Garay ((914) 784-6852)" <garay@watson.ibm.com>
X-Addr: IBM T.J. Watson Research Center
        P.O. Box 704
        Yorktown Heights, NY 10598
To: housley@spyrus.com
Cc: ipsec@ans.net
Subject:  Modular approach to key management   11/08/94         19:22:22

Reference:  Your note of Tue, 08 Nov 94 19:22:22


> Juan A. Garay Says:
>
>     Our proposal doesn't force a user to use the "lower" module, thru
>     which short-lived keys are derived. However, distributing keys thru
>     the means mentioned above is more expensive, and we believe ipsec has
>     to provide a more modular and efficient option. Our proposal
>     accommodates this situation.
>
> But, the proposal suggests that we start by standardizing the lower module.
> In my opinion, the upper module is the one that needs our attention. The
> upper module is the one that uses key distribution centers,
> certificate-based key management, or manual key management.
>
> Russ

Russ,
we are not proposing to forget about the upper module but, rather, follow
a "first things first" approach. We believe that there are *very*
convincing reasons (security and efficiency - need for
frequent key updates; deployment and interoperability - support
the variety of existing key distribution technologies, and it's
fundamental to have a common module!; methodological; etc.) to do the
lower module first and get us going.

Juan

------- End of Forwarded Message