[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) in-band key mgmt, IPV6, export issues, DES hardware




>  From rja@bodhi.itd.nrl.navy.mil Fri Mar 10 06:22:03 1995
>  To: ipng@sunroof.Eng.Sun.COM, ipsec@ans.net
>  Subject: Re: (IPng) in-band key mgmt, IPV6, export issues, DES hardware
>  Mime-Version: 1.0
>  
>  Folks,
>  
>  1)   The IPv6 specs do NOT "clearly state that in-band cannot be used
>  for IPv6".
>  
>    The IPv6 specs merely state that the IPv6 security specs were "not
>  intended for use with in-band" key management.  In-band clearly works
>  as has been described by Ted T'so and others.  Even the in-band
>  advocates believe that it will using the technique that Ted has
>  described.  Within an IETF spec, things that are not explicitly
>  prohibited using "MUST NOT" language are permitted.  There is no
>  language that I am aware of that says one "MUST NOT" use in-band key
>  management or even says one "SHOULD NOT" use in-band key management.
>  There is a difference between what the designer intended and what
>  is possible and permitted.

Ran,

Given your agreement that IPv6 can be used to support in-band keying, what
is your objection to removing the paragraph that states it is "not intended"
to do so?

Dan