Perry,

One last time: SKIP is a work item of the IPSEC group. There was a SKIP BOF in Stockholm, but the work has been pulled into this mailing list because of the many shared goals.

Please quit cluttering the mail list with your impressions of the IPSEC group's scope. In the "Internet Model" of development we need to be open to the evolution of new approaches if they are well documented and supported by implementations.

It is true that SKIP does not meet some of the original requirements for key management. These are important requirements that include critical capabilities for negotiation.

SKIP does "support" and build on the base AH/ESP encapsulation protocol. Since it builds on AH/ESP it helps if this work is part of the IPSEC working group.

If you are not happy with SKIP, try to improve the viability of other specifications.

Paul

--------------------------------------------------------------
Paul Lambert                     Director of Security Products
Oracle Corporation               Phone: (415) 506-0370
500 Oracle Parkway, Box 659410   Fax: (415) 413-2963
Redwood Shores, CA 94065         palamber@us.oracle.com
--------------------------------------------------------------
-- BEGIN included message
- To: PALAMBER@us.oracle.com
- Subject: Re: SKIP: Interoperability proposal
- From: "Perry E. Metzger" <perry@piermont.com>
- Date: 10 Nov 95 21:49:24
- Cc: ipsec@ans.net
- Reply-to: perry@piermont.com

"PALAMBER.US.ORACLE.COM" writes:
> SKIP is part of IPSEC.

That's news to me. The IPSEC documents don't mention SKIP anywhere. I know -- I was one of the people that edited and wrote them.

> The SKIP implementors and editor are working hard at making SKIP
> compatible with AH/ESP.

That's a different story. However, so far as I can tell, it's not possible. A SKIP implementation necessarily is not compatible with the base transforms in IPSEC or with the way IPSEC modularly handles key negotiation. The only reason I can see that the SKIP people want to move to similar formats is so that they can claim in the press that it has something to do with IPSEC.

> It does represent an alternative to the original working group
> concept of only supporting an application layer key management
> protocol.

Actually, we didn't speak of only supporting application layer or allowing other things. However, the SKIP model is so totally different from the IPSEC model that they bear no resemblance.

I'm not saying that the folks doing SKIP work should stop. However, they shouldn't claim it's IPSEC related. It really isn't.

Perry
-- END included message