
Re: SKIP: Interoperability proposal




Germano Caronni writes:
> Perry E. Metzger wrote:
> >   ...   I believe that the claim is specious. SKIP is "compatible" in
> > name only. A SKIP packet will not "work" with, say, an NRL IPSEC
> > implementation. It makes different assumptions about the whole world,
> > and assumes you have bought into the whole SKIP key management
> > mechanism.
> 
> Sure. What exactly is an IPSEC implementation?

Say, the NRL implementation for 4.4BSD.

> Or do you rather refer to a
> combination of Photuris/AH/ESP  as opposed to say ISAKMP/AH/ESP or 
> SKIP/AH/ESP as _THE_ IPSEC implementation? That IMNSHO is quite narrow 
> a view.

I am not assuming the use of Photuris. That's not relevant to what I'm
saying.  The fact is that you cannot use SKIP on top of NRL's
implementation. SKIP doesn't play nicely with conventional AH/ESP
implementations.

SKIP doesn't follow the model, period. No amount of wishing on your
part would make it so.

> > I think that the fact that SKIP exists at all demonstrates that SKIP
> > isn't the same as IPSEC. If it was, then why would anyone bother
> > writing drafts about it, since it would be the same thing?
> 
> SKIP is not the same as Photuris. The charter of the ipsec working group
> fits both of them, if I remember correctly.

Look, let me be brutal here. Ran said at Danvers, in no uncertain
terms, that we were following the direction of Photuris and the
defined AH/ESP formats, according to the model listed in the RFC. That
means SKIP isn't standards track, isn't going to be standards track,
can't be standards track. Jeff Schiller said, at the BOF you guys had,
that SKIP might become what gets adopted if the IPSEC folks drop the
ball very badly. However, thus far we haven't. There are now
commercial implementations of the ESP and AH stuff, and lots of people
will have them in products by spring. Photuris is being implemented by
multiple independent groups.

You can keep pretending that SKIP is under consideration if you like,
but it isn't. Form your own working group to make SKIP an elective
standard that will only be used by Sun, or drop it. Don't pretend it's
mainstream.

> Photuris and SKIP both use AH/ESP to provide security on the IP layer.

SKIP does NOT NOT NOT use the defined AH and ESP except in the most
literal sense. You've forced it to look similar so you can claim
compatibility but in reality there is no basis for compatibility at
all. Quit pretending.

SKIP is not just a modular key management protocol -- it changes the
whole model. Claims to the contrary are simply false.

> Although Photuris has many advantages, it is perhaps not the best solution
> in all possible situations. Neither is SKIP. How about creating the three
> different draft protocols (as there seems to be substantial interest in each
> of them), make Photuris mandatory or whatever, and the others
> optional.

You are free to form a new working group to make SKIP an elective
standard. That was the approach that you guys seemed to be
taking. No one is stopping you. Just quit pretending it has anything
to do with our work here.

Perry

