
Re: out-of-band key management is like virtual circuits




Dan Nessett says:
> Ran,
> 
> Your point :
> 
> >  All of the capability that you assert is unique to in-band
> >  can be done by simply sending key mgmt packets at the same time one
> >  sends the datagrams.
> 
> is somewhat misleading.

So is yours.

> The key management protocol will require an exchange
> between the source and destination in order for the source to obtain the
> SAID that it will use in the IP packet, which processing started the whole
> process. This induces a considerable delay in delivering the original
> IP packet.

Any key management protocol will require one or more exchanges to key
servers. This will induce delay. Any connection these days on the net
requires an exchange with DNS servers. This induces delay. Any key
management protocol based on public key techniques will require
significant computation time -- probably more than several packet
round trips on the current internet. This will induce delay. None of
these delays can be avoided.

.pm

