
Re: forward secrecy




I don't know what the implementation in Switzerland looks like and I
don't want to wade into a semantic swamp, but let me just make one
observation that is independent of any particular implementation.

All conforming/compliant implementations of ESP/AH _MUST_ support the use
of regular SPIs and MUST support the use of manual key distribution. 
Anything that only supported SKIP key distribution and did not support
regular SPIs and manual key distribution is __NOT__ a conforming or
compliant implementation of ESP/AH.  Claims to the contrary would constitute
criminal fraud under US laws.  If an implementation doesn't meet ALL
of the requirements in RFC-1825-1827, then it should only be characterised
as "incomplete" or "non-conforming" or "broken".

Regards,

Ran
rja@cisco.com

Opinions expressed are my own, not necessarily my employer's.

