[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Re: Proposed message on perfect forward security

>	 But if we are where we think we are, I believe all we need to
>  do at this point is to make sure that the current proposal do not rule
>  out the use of in-band keying as an optional key management protocol.

This is all I've been asking for since the beginning.

>  And, I believe this is the case already.

I don't agree. Ran has stated that he will clarify the text of the security
architecture document so that it is clear the "reserved" SAIDs can be
allocated by the IANA for key management purposes. Fine. That removes one
impediment. However, the draft still says the architecture is not intended
for in-band keying. Once the I-Ds become Proposed Standards, implementors
will read them without the benefit of the email that has appeared on the
IPng and IPsec lists. If I was going to implement according to the existing
I-Ds I would read the section deprecating the use of in-band keying to
mean the AH and ESP headers should not be used for that purpose.