
Re: (IPng) out-of-band key management is like virtual circuits




bound@zk3.dec.com says:
> Danny is right on the performance hit; it's obvious.

No it isn't, Jim. A round trip might be required in *some* key
management techniques in the *worst case*, and in any case the time in
question is swamped by other times required. As I noted, virtually
every transport session on the net these days begins with a DNS round
trip. No one complains about that. And no, we aren't going to do user
level keying for random ICMP messages -- what would it mean? User
level keying is going to end up being employed for long lived sessions
where the setup time is invisible over the length of the connection.

So far as I can tell, he has no figures to back up his claims. Had he
phrased this as a question or a suggestion for something to try to
measure I would perhaps not be disturbed by his comments -- saying we
should be considering this sort of thing is perfectly reasonable --
but I really don't like pronouncements from on high from people who
have no implementation experience. One would think that he'd built a
complete system, deployed it, and had been conducting measurements
from the way that he wrote.

Perry

