[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: user-to-user vs. host-to-host keying

To: Dan Nessett <Danny.Nessett@eng.sun.com>
Subject: Re: user-to-user vs. host-to-host keying
From: Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>
Date: Wed, 8 Mar 1995 15:36:42 -0500
Cc: ipsec@ans.net
In-Reply-To: Danny.Nessett@Eng.Sun.COM (Dan Nessett) "Re: user-to-user vs. host-to-host keying" (Mar 8, 12:01)
References: <199503082002.AA29320@interlock.ans.net>
Reply-To: atkinson@itd.nrl.navy.mil
Sender: rja@bodhi.itd.nrl.navy.mil

Dan

  You confuse my "illustrative examples" for "sole justifications"
very consistently.  My text includes a fair number of illustrative
examples.  It does not include voluminous justifications for every
item that has been discussed either on the IPng list or the IPsec
list or at past IETF meetings in order to remain readably short.

  There are a number of reasons for user-to-user keying to be mandatory
to implement.  One remains the desire to reduce risk of chosen
plaintext attacks.  The only key management _mandated_ by IPv6
is manual key distribution.  Because development of a scalable
key management protocol is outside the charter of the IPng working
group and no such standards-track RFC exists now, this is all that
can be mandated at this time.  Phil Karn and others are working hard
on developing such a scalable key management protocol and I am
optimistic that the Internet will have one in the future, but we
do not have one now.

Regards,

Ran
atkinson@itd.nrl.navy.mil

References:

Re: user-to-user vs. host-to-host keying

From: Danny.Nessett@eng.sun.com (Dan Nessett)

Prev by Date: Re: (IPng) Re: out-of-band key management is like virtual circuits
Next by Date: Re: (IPng) Re: out-of-band key management
Prev by thread: Re: user-to-user vs. host-to-host keying
Next by thread: Re: user-to-user vs. host-to-host keying
Index(es):
- Main
- Thread