[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (IPng) Re: out-of-band key management
>Ashar Aziz says:
>>
>> Ran,
>>
>> Does this mean that you agree that the following text should be
>> taken out from Section 4 of the "IPv6 Security Architecture" document?
>>
>> "IPv6 is not intended to support so-called "in-band" key
>> management, where the key management data is carried in a
>> distinct IPv6 header. Instead it will primarily use so-called
>> "out-of-band" key management, where the key management data will
>> be carried by an upper layer protocol such as UDP or TCP on some
>> specific port number."
>I oppose the removal of the language. IPv6 and IPSP are NOT intended
>for "in-band" key management. The fact that you can get them to do it
>against the intentions of the designers does not change the intent and
>purpose of the original design. You have to live with that.
I think if in-band key management can be used it should be stated so in
the spec as any other option would be.
/jim
References: