[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: forward secrecy
All conforming/compliant implementations of ESP/AH _MUST_
support the se of regular SPIs and MUST support the use of
manual key distribution. Anything that only supported SKIP
key distribution and did not support regular SPIs and manual
key distribution is __NOT__ a conforming or compliant
implementation of ESP/AH. Claims to the contrary would
constitute criminal fraud under US laws. If an implementation
doesn't meet ALL of the requirements in RFC-1825-1827, then it
should only be characterised as "incomplete" or
"non-conforming" or "broken".
Given that I've yet to see even one implementation that conforms
to all of RFC 1122 and 1123, I can't take this very seriously.