[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Proposed message on perfect forward security

Jim says:

> I see no consensus that you keep saying with phrases like "I suspect
> that others feel the same way".  I do see one hand clapping.

Agreed. Not even a `rough' one... :-)

> Nothing you can say will convince me of not wanting the option of
> in-band keying in the spec.  Because I believe it should be a technology
> option I as an engineer may build in my products, for the explicit reasons
> Dan has described consistently.

Also agreed. Let me clarify: I agree with most of Perry's reservations about
SKIP and in-line keying. But, I don't agree with his conclusion. SKIP and
in-line keying give some unique advantages to certain valid scenarios.
Therefore, it would be good to include them as options of our key management
encapsulation standards. Of course they should not be the only mode or even the
default, furthermore I'll agree to eliminate them if we had a good reason
(i.e. a big cost in efficiency, security, or complexity).

This is what we plan to do in the next release of our proposal (see Hugo's
recent note). We need to move ahead; we have to ship a product in a few months
and we have many customers waiting (not very patiently, though). Come on,
let's get agreement and interoperable implementations!

Let's try to work TOGETHER and drive toward consensus.

Best, Amir Herzberg

Follow-Ups: References: