[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Re: out-of-band key management

> From: Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>
>   I find it REALLY fascinating that Dan Nessett and Ashar Aziz now
> agree that they in fact don't need a Structured SAID and that they
> can get along fine with having a single SAID dedicated to mean
> that "what comes next is a special in-band thingy".
>   I note that this capability is -- and has for many months --
> been in the IPv6 specs.  There is an entire block of reserved
> SAIDs for IANA to allocate as IANA sees fit.  No changes to the
> specs are needed for this as the hook was ALREADY present in
> the IPv6/IPv4 security specs.


Does this mean that you agree that the following text should be
taken out from Section 4 of the "IPv6 Security Architecture" document?

   "IPv6 is not intended to support so-called "in-band" key management, where 
   the key management data is carried in a distinct IPv6 header.  Instead 
   it will primarily use so-called "out-of-band" key management, where the key
   management data will be carried by an upper layer protocol such as UDP
   or TCP on some specific port number."