
Re: (IPng) Re: Proposed message on perfect forward security

I apologize for replying one last time to this. As a consolation to
readers, let me note that it's my last word on the subject.

Dan Nessett says:
> I don't agree. Ran has stated that he will clarify the text of the security
> architecture document so that it is clear the "reserved" SAIDs can be
> allocated by the IANA for key management purposes. Fine. That removes one
> impediment. However, the draft still says the architecture is not intended
> for in-band keying.

And it is indeed not designed for SKIP style keying. (I refuse to say
"in-band" by the way because it is an inaccurate term.)

I see no purpose in removing a factual statement from the
documents. Trying to make SKIP fit into IPSP is very unnatural. As I
repeatedly note, SKIP neither uses SAIDs nor the defined IPSP
transforms. It ends up using IPSP as an unreliable datagram protocol
-- you might as well build it on top of UDP given the amount of IPSP
functionality you make use of. 

You note that naive readers will think that the design wasn't intended
for SKIP style systems -- but it *wasn't*, and I indeed want naive
readers to understand how the design was intended to work.

I strongly recommend against any removal of the stated text from the
draft precisely because it will make the purpose of the features of
IPSP less clear and reduce the ability of readers to understand the

That's all there is to say. From what I can tell, this has been beaten
into the ground. I see no reason to discuss it further, and therefore
I won't. You all know my position.