
Re: (IPng) out-of-band key management is like virtual circuits



Ran,

>  Your statement that "Digital has tested and found it to be
>costly" is directly refuted by other folks who are employed
>by Digital and have been in regular contact with me for
>over a year now.  I do not believe you.

We gave you the figures for MD5 authentication at the Seattle IETF
implementors meeting.  You're wrong and whoever in Digital told you this
does not have a clue or would know better.  I will search this person
out so I suggest you let them know that I am looking for them to clear
this up.  You have now resigned yourself to character assassination
because you cannot defend yourself technically and/or have a clue what
your own specification would cost to implement.

Cost is relative.  If it cost 500K then most normal return on investment
should be 5 million as one example.  There is also maintenance and
having experts in an area et al.  

By this mail I hope you know that I will read and study your mail more
than any other and you should also realize if that Digital person did not
know what we have done you have opened yourself up to slander of my
credibility.  Fortunately for you I don't care about that kind of
stuff.  But I never forget a public attack such as the one you have just
made.  Pretty dumb, Ran.

>  I do believe Perry and others who have been implementing.
>Perry has code.  I have code. Phil Karn has code for a similar
>security mechanism (different bit formats, but similar) in KA9Q.

Well then why did you not want to do interoperability testing when we
asked at the last IETF meeting?  Or respond to the mail that went out.
We could have done some testing of IPv6 security with you.  Which should
have also tested other parts of the protocol?

>  There is NO "MUST use security" there is a "MUST implement and support
>security".  This is consistent with direction to me from the IESG.
>That issue must be resolved with them directly as I am following
>their specific direction on this point.

No one is arguing this anymore.

>  Manual key distribution is necessary to have even in the presence
>of a key management protocol, making it mandatory regardless.  We
>can't mandate a key mgmt protocol that isn't yet a Proposed Standard
>so we say "implementations SHOULD" implement it when it becomes
>Proposed Standard.

>  More comments will come when I have more time.

Just respond to my formal response to your drafts.  You will get more
input, trust me.

/jim

