[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Regarding Bill's draft

To: William Allen Simpson <bsimpson@morningstar.com>
Subject: Re: Regarding Bill's draft
From: Theodore Ts'o <tytso@mit.edu>
Date: Fri, 23 Feb 1996 14:21:59 -0500
Address: 1 Amherst St., Cambridge, MA 02139
Cc: ipsec@TIS.COM
In-Reply-To: William Allen Simpson's message of Fri, 23 Feb 96 05:20:11 GMT,<4932.bsimpson@morningstar.com>
Phone: (617) 253-8091
Sender: ipsec-request@neptune.tis.com

Bill,
	My interpretation of the wg requirements is that it is not
enough that it be possible for the protocol to support a required
functionality, but that a compliant implementation must support it.
Users or system administrators may decide not to use such a feature, but
they must have the option of _using_ it; ergo, a compliant
implementation must support it, in an interoperable fashion. 

	Hence, a compliant implementation of IPV6 must include support
for encryption.  It is not enough that there be an optional way of doing
encryption in IPV6; a compliant implementation must support encryption.

	Likewise, for SKIP to pass muster vis-a-vis the wg requirements,
it is not enough for there to be an optional way of supporting Perfect
Forward Secrecy.  If SKIP is to meet the wg requirements, all compliant
implementations of SKIP must support PFS.

	And finally, it is not enough that Photoris support certain wg
requirements by providing a way to support them in the protocol via an
optional Photoris extensions document, where the extensions are very
clearly not well-enough defined to create interoperable implementations.
In order to meet the wg requirements, all complaint implementations have
to support those features listed in the Photuris extensions draft.

	After all, you'd probably be first to cry foul if the SKIP folks
claimed that their protocol meet all of the working group requirements
if the PFS was only described in an optional part of the protocol spec,
which none of their implementations supported.  Likewise, if Photoris is
to be considered as meeting all of the wg requirements, then all of
these requirements must be met in the base protocol spec, or failing
that, in an annex of the protocol spec which is well-formed and which is
mandatory for implementors to implement.

	Hence, I believe that we really do need to address those items
found in the Photoris extensions draft, or else consider Photuris as not
meeting the wg requirements.  Fair's fair, after all....

							- Ted

References:

Re: Regarding Bill's draft

From: William Allen Simpson <bsimpson@morningstar.com>

Prev by Date: Re: Regarding Bill's draft... another Bill's open issues with photuris
Next by Date: an imperfection in skip-pfs.
Prev by thread: Re: Regarding Bill's draft
Next by thread: Re: Regarding Bill's draft
Index(es):
- Main
- Thread