[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Re: Proposed message on perfect forward security

To: Danny.Nessett@eng.sun.com
Subject: Re: (IPng) Re: Proposed message on perfect forward security
From: Theodore Ts'o <tytso@MIT.EDU>
Date: Wed, 15 Mar 1995 17:50:00 +0500
Address: 1 Amherst St., Cambridge, MA 02139
Cc: hinden@servo.ipsilon.com, ipng@sunroof.eng.sun.com, ipsec@ans.net
In-Reply-To: Dan Nessett's message of Wed, 15 Mar 1995 10:04:10 -0800,<199503151809.AA29812@interlock.ans.net>
Phone: (617) 253-8091

   Date: Wed, 15 Mar 1995 10:04:10 -0800
   From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)

   However, if pursuing this issue is seen by the long term participants of the
   IPng working group as counter-productive, then I will retire. I thought this
   was supposed to be an open process.

Dan, 
	Let me be frank.  My impression is that your company has a
proprietary product which uses in-band keying, and so you are naturally
trying to push to make sure there is a place for your company's product
in the standard.  Thus, you don't like the fact that the IPng
specifications currently say that architecture is not intended for use
in using in-band keying.

	I think it is fair to say that we should not rule out systems
that use in-band keying.  However, it is also fair to say that in the
interests of interoperability, we do need to pick a basic method of
doing key exchange, that everyone will support.  My reading of the IPng
specifications is that they mandate a particular architecture for use as
the basic, commonly implemented key exchange --- and the architectural
direction, which has already been determined, will be using out-of-band
keying scheme.  The details of that still need to be worked out, of
course, but at some point you have to make certain basic architectural
decisions, and then move forward.  Otherwise, we will end up making no
progress at all.

	My understanding is that the common, required implementation of
key-exchange which everyone must implement in the interest of
interoperability, has been decided, via an open process, to use
out-of-band keying.  With this decision already made, unless there are
some extreme, extenuating circumstances which would call for us to
revisit that decision, I would think that it would be counter-productive
for people to continually be insisting that this decision be re-opened,
and re-examined, over and over again, ad naseum.

	Now, my understanding of where we are in the process may be
different from what other's people understanding have been ---
especially since I haven't been all that active in the IPng discussions.
So, I invite people to correct my understanding of where we are in the
process.  But if we are where we think we are, I believe all we need to
do at this point is to make sure that the current proposal do not rule
out the use of in-band keying as an optional key management protocol.
And, I believe this is the case already.

	Perhaps some of the flailing that we've had on these lists has
had to do with different understandings of where we are in this process.
Hopefully if we can clear this up, we can move forward and actually get
some real work done.

						- Ted

References:

Re: (IPng) Re: Proposed message on perfect forward security

From: Danny.Nessett@eng.sun.com (Dan Nessett)

Prev by Date: Re: Diffie's comments on Photuris
Next by Date: Re: (IPng) Re: Proposed message on perfect forward security
Prev by thread: Re: (IPng) Re: Proposed message on perfect forward security
Next by thread: Re: (IPng) Re: Proposed message on perfect forward security
Index(es):
- Main
- Thread