[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPv6 Security Last Call Initial Questions (per user keying)


Your message :

>  OK, here's a back of the envelope design, completely off the cuff. 


>  But you just wanted a proof concept that
>  it was in fact possible; hopefully this is what you were looking for.

didn't really provide enough information. For example :

 o  You only covered two of the four issues,

 o  You didn't specify how the information about keying material,
    algorithms, etc. are extracted from the key distribution opaque
    data and transformed into a form acceptible to the IP implementation.

I think I was looking for something a bit more than a back of the envelope
discusion and a bit less than an internet draft. I don't care what the data
structures look like, only how the information is processed.

However, I think you have no obligation at this point to proceed, based on
an off-the-cuff remark you made in an email message. On the other hand,
someone should have thought the problem through sufficiently so that
implementors are convinced it can be done. It is precisely because I don't
think anyone has done this yet that I am concerned that per-user keying
is a mandatory requirment.