
Re: WG last call for IPv4 AH and ESP



Ashar,

  Because key mgmt is kept separate entirely from the AH and ESP
specifications, it is easy to swap out one key mgmt protocol for
another without having to alter the AH or ESP implementations.
It is this kind of independence which is important.

  Given the history of the Needham-Schroeder key mgmt protocol, I
do not believe it is reasonable to insist that we wait infinite
time to convince ourselves that any particular protocol is perfect.
It is most sensible, and no one has suggested otherwise, to work
on refining and improving the key mgmt protocol until there is
rough consensus that it is "good enough".  There have been MONTHS
of discussions about key mgmt approaches and there is rough (not
smooth, but only rough is required by IETF rules) consensus that
the direction of Photuris is the right direction.

  It is most productive to focus efforts on refining, analysing, and
improving Photuris.  It is not productive to continue in the current
mode of operation of endless debates between proponents since there
is rough consensus about using a hybrid Diffie-Hellman algorithm
in conjunction with DNS signed keys.

Regards,

Ran
atkinson@itd.nrl.navy.mil


