[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: the silly bit

This thread was not on IPng, and I firmly object to you bothering them
with it.  I, for one, will not be replying to this thread on any list in
the future.

> From: Danny.Nessett@eng.sun.com (Dan Nessett)
> implementation experience. SKIP is implemented and working in the field.
This is, as I've mentioned before, utter bullshit.

SKIP is supposedly a "key management proposal".  Please show us the key
management, particularly the deployed X.509 certificate database.  SKIP
uses completely different certificates from the (non-deployed) PEM.
Deployment of SKIP is not likely to be any faster than PEM.

> There is no pre-existing SAID value that the receiver will have cached
> to determine that the header specifies in-band keying. The SAID value will
> be allocated after the packet is processed.
Sender assigned SAID values are not allowed in IP Security.  All SAID
values are assigned per Destination.  This is a requirement.

SKIP as currently written does not meet our requirements.

> I agree with you about taking up a bit in the SAID. I think a special SAID
> value should be used to indicate that the next field(s) carry additional
> information about the key management protocol. Since there are already
> SAID values "reserved for future work," one of these can be chosen. e.g.,
> the SAID value consisting of all ones.
I suggested this in the first message in this thread.  In order to
receive this value, you will need to write a security transform draft.
You have not supplied the draft.