[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (IPng) Re: Proposed message on perfect forward security

> From: "Theodore Ts'o" <tytso@MIT.EDU>
> Well, that suggests one possible compromise --- which is that draft is
> modified to remove the comment deprecating in-band keying, but also
> stating that the intention is that the expectation is that the base
> level key exchange method will be using an out-of-band key exchange
> method.  
> Is this something that everyone can live with?


In the interest of bringing this unfortunately long debate
to an end, I will say "Yes". Not that this solution is ideal
from my perspective, but that it appears to be better than
the current situation.

I believe that the correct way to resolve this issue is to
actually build and deploy security/key-mgmt in the extremely
diverse environments/applications possible in the Internet,
and therefore to the extent that this permits experimentation
with alternative approaches, I am for it. Ultimately, as
we have all agreed, the market will decide the approach
it prefers.

Thanks, BTW for making a compromise proposal.

Kind regards,