[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bill's emails

To: ipsec@ans.net
Subject: Bill's emails
From: Ran Atkinson <rja@bodhi.nrl.navy.mil>
Date: Mon, 11 Sep 1995 13:43:43 -0400
Reply-To: rja@cs.nrl.navy.mil
Sender: rja@bodhi.cs.nrl.navy.mil


Bill,

  I'm not comfortable with the way you have tried to characterise
my views on things in your recent notes.  You've attributed things
to me that I don't really agree with, at least the way you put them.

  Examples include "blocks of SPIs" which I'm not terribly keen on.
I do think it is sensible to grab several keys out of a single
D-H exponentiation if possible and cache a few of the keys for later
use by those two parties.  This permits me to take advantage of
locality in which systems my system is talking with if I want to,
but I am not sure any spec change is really needed to make this work.

  Similarly, while I think that it is overkill for ISAKMP to have
_both_ attribute lists and attribute sets, I can probably live with
either one of those two.  I do think we need more flexibility in
negotiating SA attributes than I see in the most recent online
Photuris draft, but there are also aspects of ISAKMP that I'm
not comfortable with (I've sent email to them about those issues).

  (In general I'd be obliged if you let me speak for myself. :-)

Thanks much,

Ran
rja@cs.nrl.navy.mil

Prev by Date: Re: replay attacks
Next by Date: replay attacks
Prev by thread: Re: replay attacks
Next by thread: Ran's emails
Index(es):
- Main
- Thread