Re: user-to-user vs. host-to-host keying


  You confuse my "illustrative examples" for "sole justifications"
very consistently.  My text includes a fair number of illustrative
examples.  It does not include voluminous justifications for every
item that has been discussed either on the IPng list or the IPsec
list or at past IETF meetings in order to remain readably short.

  There are a number of reasons for user-to-user keying to be mandatory
to implement.  One remains the desire to reduce risk of chosen
plaintext attacks.  The only key management _mandated_ by IPv6
is manual key distribution.  Because development of a scalable
key management protocol is outside the charter of the IPng working
group and no such standards-track RFC exists now, this is all that
can be mandated at this time.  Phil Karn and others are working hard
on developing such a scalable key management protocol and I am
optimistic that the Internet will have one in the future, but we
do not have one now.