Re: (IPng) Re: Proposed message on perfect forward security

Dan Nessett says:
> allowing the marketplace to do its job. It is too early to tell just what
> the market will desire and so, I believe, it is imprudent to limit IPv6
> to a single class of key distribution mechanisms, viz., only those employing
> out-of-band keying.

The problem is this, Dan. SKIP can't use the transforms defined for
IPSP or the SAID mechanisms defined for IPSP. It can't support
multiple keys between hosts, either. In short, you have this "neither
fish nor fowl" proposal out there that doesn't really have any
demonstrable advantages and doesn't fit in with the rest of the
architecture. In the guise of saying "we need to be flexible" you keep
coming back and saying that you think that we should rip up the
architecture to make SKIP more feasible. Well, I'm sorry, but so far
as I can tell a SKIP implementation can't even share the transform
code that is used for other key management mechanisms. The thing isn't
a modular key management system -- it's a proposal that really seeks to
fundamentally alter the entire way IPSP was architected.