[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: forward secrecy

To: Ran Atkinson <rja@cisco.com>
Subject: Re: forward secrecy
From: smb@research.att.com
Date: Mon, 18 Dec 95 12:32:19 EST
Cc: ipsec@ans.net

	 All conforming/compliant implementations of ESP/AH _MUST_
	 support the se of regular SPIs and MUST support the use of
	 manual key distribution.  Anything that only supported SKIP
	 key distribution and did not support regular SPIs and manual
	 key distribution is __NOT__ a conforming or compliant
	 implementation of ESP/AH.  Claims to the contrary would
	 constitute criminal fraud under US laws.  If an implementation
	 doesn't meet ALL of the requirements in RFC-1825-1827, then it
	 should only be characterised as "incomplete" or
	 "non-conforming" or "broken".

Given that I've yet to see even one implementation that conforms
to all of RFC 1122 and 1123, I can't take this very seriously.

Prev by Date: Re: forward secrecy
Next by Date: HannaH beta Test Sign-up
Prev by thread: Re: forward secrecy
Next by thread: Re: forward secrecy
Index(es):
- Main
- Thread