
Re: (IPng) Re: out-of-band key management is like virtual circuits




> From ipsec-request@ans.net Fri Feb 24 14:12 PST 1995
> bound@zk3.dec.com says:
> > I highly suggest to the chairs to get with Ran offline and fix this if
> > he continues to pursue this course.  He should have to justify why
> > Danny's claims will not benefit a draft under this group's charter as of
> > right now just like the rest of the drafts must do this.  This is just
> > the wrong thing to do.  
> 
> "Danny's" suggestion is in fact Ashar Aziz's suggestion, as you would
> know if you were on the ipsec list which you feel you don't have to be
> on. However, Ashar isn't claiming it has anything to do with
> performance per se -- he wants it to make his life easier in promoting
> a particular key management system called SKIP, which was designed
> with in-band in mind.

Perry,

I have raised performance issues in the past (in fact you and I had that
exchange). There are situations where you don't want to have to go through
the overhead of establishing a session when all you want to do is send a
few IP packets (e.g. net mgmt, ICMP etc.). You suggested one could do this
with cached security-connections, whereas I responded that this doesn't 
work well for servers, net managers or routers that may need to reach a 
very large destination set, because all of these connections would have 
to be re-established in case of crash/reboot scenarios.

Regards,
Ashar.

