Re: (IPng) out-of-band key management is like virtual circuits

[Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>]

Jim,

  Your statement that "Digital has test and found it to be
costly" is directly refuted by other folks who are employed
by Digital and have been in regular contact with me for
over a year now.  I do not believe you.

  I do believe Perry and other who have been implementing.
Perry has code.  I have code. Phil Karn has code for a similar
security mechanism (different bit formats, but similar) in KA9Q.

  There is NO "MUST use security" there is a "MUST implement and support
security".  This is consistent with direction to me from the IESG.
That issue must be resolved with them directly as I am following
their specific direction on this point.

  Manual key distribution is necessary to have even in the presence
of a key management protocol, making it mandatory regardless.  We
can't mandate a key mgmt protocol that isn't yet a Proposed Standard
so we say "implementations SHOULD" implement it when it becomes
Proposed Standard.

  More comments will come when I have more time.

Ran
atkinson@itd.nrl.navy.mil

---

Follow-Ups:

• Re: (IPng) out-of-band key management is like virtual circuits
• From: bound@zk3.dec.com

References:

• Re: (IPng) out-of-band key management is like virtual circuits
• From: bound@zk3.dec.com

---

• Prev by Date: Re: WG last call for IPv4 MD5
• Next by Date: Re: (IPng) Re: out-of-band key management is like virtual circuits
• Prev by thread: Re: (IPng) out-of-band key management is like virtual circuits
• Next by thread: Re: (IPng) out-of-band key management is like virtual circuits
• Index(es):
  • Main
  • Thread