
Re: (IPng) Proposed Standard or no?




sharborth@hai-net.com says:
> Allow both.  Don't mandate the use of one over the other.  In
> systems which are in use today we use both methods, I would suspect
> each equally (at least from my experience over the past 12 years in
> secure communications system design & implementation.)

I suspect that you don't understand what is being discussed -- I'm not
trying to insult you here, it's just that the conversation is being
couched in very deceptive terms. You probably are not using either
method today, and very likely not both. The terminology is very odd --
I suggest that you read all the drafts in question in order to really
get a feel for what is being discussed.

The topic boils down to this: do we want to permit conveying key
management information in IPSP packets instead of in, say, separate
UDP packets. The argument being made on our side is "it won't give you
any performance and messes up a very clean design, making it far
harder to implement for negligible gain". The argument on their side
boils down to "we get to save a whole packet at the beginning of each
of your TCP sessions, and it means you get to rekey on every packet!"
Neither of these particularly seem to be important to me.

In the end, this comes down to whether you feel SKIP should be the key
management protocol we use -- the changes are being requested purely
to support SKIP, because Ashar seems to have painted himself into a
corner in which he assured us all along that he could adapt SKIP to
the proposed IPSP design and then realized only in the last week (it
seems) that he needed functionality at the IPSP layer that wasn't
available.

One of the reasons a number of us have argued this discussion should
be on the IPSEC list is because people on IPng lack the context of the
discussion.


Perry

