
Re[2]: (IPng) Proposed Standard or no?



You are right, I did not look at all of the references before speaking.  I 
was thinking along the lines of "out-of-band" negotiations being done via 
courier as Ran noted in his 2:03 pm message of 25 February.

Also, I do currently use systems which use "out-of-band" couriers for 
distribution of keymat and the equipment also does in-band key management for 
distribution of key.


Skip

_______________________________________________________________________________
Subject: Re: (IPng) Proposed Standard or no? 
From:    ipng@sunroof.Eng.Sun.COM at internet
Date:    26-02-95  13:40

sharborth@hai-net.com says:
> Allow both.  Don't mandate the use of one over the other.  In
> systems which are in use today we use both methods, I would suspect
> each equally (at least from my experience over the past 12 years in
> secure communications system design & implementation.)

I suspect that you don't understand what is being discussed -- I'm not
trying to insult you here, it's just that the conversation is being
couched in very deceptive terms. You probably are not using either
method today, and very likely not both. The terminology is very odd --
I suggest that you read all the drafts in question in order to really
get a feel for what is being discussed.

The topic boils down to this: do we want to permit conveying key
management information in IPSP packets instead of in, say, separate
UDP packets. The argument being made on our side is "it won't give you
any performance and messes up a very clean design, making it far
harder to implement for negligible gain". The argument on their side
boils down to "we get to save a whole packet at the beginning of each
of your TCP sessions, and it means you get to rekey on every packet!"
Neither of these particularly seems to be important to me.

In the end, this comes down to whether you feel SKIP should be the key
management protocol we use -- the changes are being requested purely
to support SKIP, because Ashar seems to have painted himself into a
corner in which he assured us all along that he could adapt SKIP to
the proposed IPSP design and then realized only in the last week (it
seems) that he needed functionality at the IPSP layer that wasn't
available.

One of the reasons a number of us have argued this discussion should
be on the IPSEC list is because people on IPng lack the context of the
discussion.


Perry
------------------------------------------------------------------------------
IETF IPng Mailing List        FTP archive: ftp.parc.xerox.com:/pub/ipng
Unsubscribe: unsubscribe ipng   (as message body, not subject)
Direct all administrative requests to majordomo@sunroof.eng.sun.com