Re: the silly bit
This thread was not on IPng, and I firmly object to you bothering them
with it. I, for one, will not be replying to this thread on any list in
the future.
> From: Danny.Nessett@eng.sun.com (Dan Nessett)
> implementation experience. SKIP is implemented and working in the field.
>
This is, as I've mentioned before, utter bullshit.
SKIP is supposedly a "key management proposal". Please show us the key
management, particularly the deployed X.509 certificate database. SKIP
uses completely different certificates from the (non-deployed) PEM.
Deployment of SKIP is not likely to be any faster than PEM.
> There is no pre-existing SAID value that the receiver will have cached
> to determine that the header specifies in-band keying. The SAID value will
> be allocated after the packet is processed.
>
Sender assigned SAID values are not allowed in IP Security. All SAID
values are assigned per Destination. This is a requirement.
SKIP as currently written does not meet our requirements.
> I agree with you about taking up a bit in the SAID. I think a special SAID
> value should be used to indicate that the next field(s) carry additional
> information about the key management protocol. Since there are already
> SAID values "reserved for future work," one of these can be chosen. e.g.,
> the SAID value consisting of all ones.
>
I suggested this in the first message in this thread. In order to
receive this value, you will need to write a security transform draft.
You have not supplied the draft.
Bill.Simpson@um.cc.umich.edu