
Re: SKIP: Interoperability proposal



Perry E. Metzger wrote:
>   ...   I believe that the claim is specious. SKIP is "compatible" in
> name only. A SKIP packet will not "work" with, say, an NRL IPSEC
> implementation. It makes different assumptions about the whole world,
> and assumes you have bought into the whole SKIP key management
> mechanism.

Sure. What exactly is an IPSEC implementation? Or do you rather refer to a
combination of Photuris/AH/ESP as opposed to say ISAKMP/AH/ESP or
SKIP/AH/ESP as _THE_ IPSEC implementation? That IMNSHO is quite narrow 
a view.

> I think that the fact that SKIP exists at all demonstrates that SKIP
> isn't the same as IPSEC. If it was, then why would anyone bother
> writing drafts about it, since it would be the same thing?

SKIP is not the same as Photuris. The charter of the ipsec working group
fits both of them, if I remember correctly.

> The fact remains that the direction we have selected is the IPSEC
> documents, which are now standards track, and Photuris-like
> mechanisms, of which Photuris is the one currently under greatest
> study and development. SKIP is *not* the direction that the mainstream
> standardization effort is going in.

Thank you for telling me what is going to be standard and what not. As the
case is now brilliantly clear, there sure would be no problem for bearing a
little longer with SKIP, until it dies its natural death? It certainly would
not cost you anything to simply wait it out.

Photuris and SKIP both use AH/ESP to provide security on the IP layer.
Although Photuris has many advantages, it is perhaps not the best solution
in all possible situations. Neither is SKIP. How about creating the three
different draft protocols (as there seems to be substantial interest in each
of them), make Photuris mandatory or whatever, and the others optional. Then
let the public play with the different approaches, and let it decide.

I suggest you bear with the 'skippies' just a little bit longer.

Greetings,
  Germano


p.s. I will restrain myself from further escalating this discussion as I feel
Dallas will be an appropriate point in time and space to continue it. So
hopefully this is my last reply to your suggestion to move SKIP off ipsec.

Please remember the can of worms you mentioned in your mail from Jul 1st...