
Re: Comments on latest IPSP drafts




Jerry,

You replied to Perry,

...

> The IETF is a standards body
> whose duty is to develop high quality, implementable standards. Its members
> may be implementors but the IETF implements nothing. If the IETF chooses not
> to make DES a requirement and is up front about it then where is the "false
> sense of security" coming from. If you personally or your company feel
> strongly then you may implement the DES ESP and your hands can be as clean as
> you want.  If the IETF so decrees that the DES-CBC is a MUST, and if
> companies choose to build and sell an IPv6-like product without this (which
> will probably happen - if there is a demand for IPv6 - if not then who cares),
> then the IETF has just taken another step along the path to irrelevance

I agree, and I believe that the IETF would be better served by having the ESP
optional (requiring DES, and with AUTH as a MUST), or allowing weak DES for
ESP.

The issue was raised in the open security area meeting and voted on (OK, a
`show of hand'). There were quite a few - maybe a third - but as Jeff Schiller
put it, a `rough consensus' decided that DES and ESP MUST be implemented in IPv6.

Jeff now takes this to the IESG, and I'm not sure we should continue to
discuss this on this list. Maybe there is still value to let Jeff, or other
IESG members, know how you feel.

Best, Amir


