Re: (IPng) Re: out-of-band key management
> From: Ran Atkinson <rja@bodhi.itd.nrl.navy.mil>
>
> I find it REALLY fascinating that Dan Nessett and Ashar Aziz now
> agree that they in fact don't need a Structured SAID and that they
> can get along fine with having a single SAID dedicated to mean
> that "what comes next is a special in-band thingy".
>
> I note that this capability is -- and has for many months --
> been in the IPv6 specs. There is an entire block of reserved
> SAIDs for IANA to allocate as IANA sees fit. No changes to the
> specs are needed for this as the hook was ALREADY present in
> the IPv6/IPv4 security specs.

Ran,

Does this mean that you agree that the following text should be
taken out from Section 4 of the "IPv6 Security Architecture" document?

"IPv6 is not intended to support so-called "in-band" key management, where
the key management data is carried in a distinct IPv6 header. Instead
it will primarily use so-called "out-of-band" key management, where the key
management data will be carried by an upper layer protocol such as UDP
or TCP on some specific port number."

Regards,
Ashar.