
the silly bit



> From: markson@osmosys.incog.com (Tom Markson)
> Obviously not.  What I am saying (and have been saying) is that key
> management needs to be independent from IPSP.  If the Structured SAID
> bit is not in IPSP, you are eliminating possible key management schemes.
>
Because key management must be independent of IPSP, it is up to you to
show the independence.  That is, any scheme you propose cannot require
other key management proposals to understand any part of your proposal.

A reserved bit is not "independent".  It requires understanding by other
management schemes.  What is to prevent a 3rd .. 20th contender from
needing a bit of their own?

I have suggested that you could write up a new transform draft showing
how your key management proposal would use the common header in a new
way.  A reserved SAID number could be assigned for your proposal.  254
of them are available.  (#0 means no key, and #1 is for RSA.)

Instead, you have chosen to argue endlessly.

Finally, we have eliminated _many_ possible key management schemes:

 - All key management schemes where the SAID is assigned by the Source
   are eliminated.  Only Destination assigned SAIDs are used.  This is a
   requirement for multicast.

 - All key management schemes which do not provide perfect forward
   secrecy are eliminated.

 - All key management schemes which are vulnerable to denial of service
   attack are eliminated.

Bill.Simpson@um.cc.umich.edu

