
Re: ESP transform with RC5




I want to make it clear in advance that I'm not trying to be hostile
here. E-Mail often removes niceties like facial expression. I'm more
trying to figure out what was going on at RSA DSI than anything else.

Michael Richardson writes:
> In a galaxy far, far away, : Mon, 18 Mar 1996 16:08:28 EST
> > swIPe was a long dead experiment. SKIP is a key management protocol,
> > which fits in the same place in the stack as Photuris or Oakley.
> 
>   This was August 1995. Vendors wanted to interoperate *soon*

August 1995 was after the IPsec documents had gone to RFC (indeed, the
documents are dated August, 1995). They had long since been in last
call and were very stable. You have apparently been misinformed about
the timing of our efforts.

>   swIPe was on the list because it was out there.

Actually it wasn't out there any longer; it had more or less been
informally withdrawn long before, after the Toronto IETF as I
recall. It was just an experiment.

>   SKIP as implemented by SunScreen (not IPsec based) was also out there.

Actually SKIP *is* IPsec based (though I've had interoperation
disputes with the SKIP people).

> > We already had perfectly good IPsec transforms written and in place,
> > by the way.
> 
>   Yes. Which is why the other "options" were quickly discarded.
> 
> > The only difference I can see between IPsec and S/WAN is that S/WAN
> > uses RC5 instead of something like 3DES. Can you correct me on this?
> 
>   The original "spec" said MD5 and DES.  RSA quickly added RC5.

Why did they have a "spec" at all when we had RFC's 1825-1829 already
out? This all strikes me as odd.

Perry

