
Re: SKIP: Interoperability proposal




Perhaps I should give a bit of context.

My original comments came because I was informed by a reporter that
there were people from Sun going around claiming that SKIP was
destined to be *the* standard for IP security and trying to bludgeon
other manufacturers into following it since after all it was going to
be *the* standard. The reporter knew me and asked for comment. I
stated that the assertion that SKIP was to be *the* standard was news
to me, and so far as I knew SKIP was, at best, destined for elective
status, and certainly wasn't the mainstream of the current working
group direction, so any statement that it was certain to be *the*
standard was at the very most optimistic level highly premature and
probably totally inaccurate.

Now, as for the mailing list discussion, I had decided to quit arguing
given that mailing list bandwidth is fairly high and that the SKIP
people aren't badly behaved, and that folks like Phil had weighed in
and said "oh, let them talk".

However, I think I ought to answer Paul Lambert's comments, given that
they have just arrived.

"PALAMBER.US.ORACLE.COM" writes:
> SKIP is a work item of the IPSEC group.

SKIP was a proposal being considered by the IPSEC group for the
original IPSEC work. It was rejected when the compromise proposal was
accepted. SKIP was also a proposal considered for the key management
phase of the working group's agenda. It was also rejected when the
decision was announced by Ran that the group would work towards a
Photuris-like protocol. SKIP is not currently under consideration for
any work item under the IPSEC working group's charter, so I don't know
how one can refer to it as a "work item" of the IPSEC group.

> Please quit cluttering the mail list with your impressions of the IPSEC
> group's scope.

I believe my "clutter" is based on an accurate reading of the charter
and the agenda. If my reading is inaccurate, then why not discuss NLSP
or other past rejected proposals as well? Why not discuss the IEEE's
key management protocol, which I believe isn't under consideration any
longer?

> In the "Internet Model" of development we need to be open to the evolution of
> new approaches if they are well documented and supported by implementations. 

Did I say they shouldn't have a working group or even an IETF elective
standard if they liked? I merely said that they weren't on the table
any more in the IPSEC working group so far as I could tell.
 
> It is true that SKIP does not meet some of the original requirements for
> key management.  These are important requirements that include critical 
> capabilities for negotiation.  SKIP does "support" and build on the base 
> AH/ESP encapsulation protocol.

SKIP does not "build on" AH/ESP. I get the impression it was
shoehorned in to AH/ESP so that it could be said to be compatible with
it on checklists. This is much like claiming that CLNP is "compatible
with" IP because you can come up with an encapsulation for it in IP.

> If you are not happy with SKIP, try to improve the viability of other 
> specifications. 

The other specifications are quite viable. I believe my laptop will be
running some of them in Dallas and using them for day to day work in
communicating with my home network.

Perry

