
Re: (IPng) Re: Proposed message on perfect forward security




> But if we are where we think we are, I believe all we need to
> do at this point is to make sure that the current proposal does not rule
> out the use of in-band keying as an optional key management protocol.

This is all I've been asking for since the beginning.

>  And, I believe this is the case already.
>  

I don't agree. Ran has stated that he will clarify the text of the security
architecture document so that it is clear the "reserved" SAIDs can be
allocated by the IANA for key management purposes. Fine. That removes one
impediment. However, the draft still says the architecture is not intended
for in-band keying. Once the I-Ds become Proposed Standards, implementors
will read them without the benefit of the email that has appeared on the
IPng and IPsec lists. If I were going to implement according to the existing
I-Ds, I would read the section deprecating the use of in-band keying to
mean the AH and ESP headers should not be used for that purpose.

Dan