
Re: no SKIP/ISAKMP/OAKLEY resolution



At 12:45 PM 9/2/96 +0000, Ashar Aziz wrote:
>> From:          Hilarie Orman <ho@earth.hpc.org>
>> The design group attempting to combine SKIP/OAKLEY/ISAKMP into one protocol
>> has been unable to resolve deeply held technical differences of opinion.
>
>Initially, we had hopes of finding a common basis for moving
>forward. However, we discovered soon afterwards that there
>were differences of opinion that we simply could not overcome.

It would be very helpful if these differences of opinion were
documented someplace. Is anyone going to do this?

Thanks,
Joe
= ========================================================= =
  Joe Tardo                           Voice: 415-843-0991 
  Raptor Systems, Inc.
  777 San Antonio Ave. Suite 92       Fax:   617-487-6755
  Palo Alto, CA. 94303
= ========================================================= =


Date: Sun, 1 Sep 1996 17:07:56 -0400
From: Hilarie Orman <ho@earth.hpc.org>
Message-Id: <199609012107.RAA15389@earth.hpc.org>
To: David_Wheeler-P26179@email.mot.com
Cc: ipsec@TIS.COM
In-Reply-To: Yourmessage <199608292023.NAA29362@baskerville.CS.Arizona.EDU>
Subject: Re: Everything degenerates to Key Management
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

How far does the group want to go to achieve consensus?  One can
easily design a single protocol that meets all the proposed goals for
key management.  What seems impossible is to convince people that this
all MUST be implemented.  For every option there is a contingent that
opposes it, for every option there is a contingent that supports it,
for every subset there is a group that thinks it is too much to implement.
(heavy sigh).

The shopping list is:

   sessions, in-line key encrypting keys
     sublist for second item above: separate hdr, extensions to ESP/AH hdrs
   key determination via PFS or non-PFS 
   identity protection via PFS or non-PFS
   authentication via DH, RSA encryption, RSA signatures, or DSS
     (El Gamal hasn't yet been seriously considered)
   X.509v3 and DNS KEY/SIG records for PK authentication
   certificate inclusion, certificate retrieval
   elliptic curve groups
   new group definitions via protocol
   ISAKMP framework, other framework
   (I think that's all)

Agree whole-heartedly on what you want, set a design team to work, good will
follow.

Hilarie Orman




Date: Mon, 2 Sep 1996 18:20:42 -0400
From: Hilarie Orman <ho@earth.hpc.org>
Message-Id: <199609022220.SAA19077@earth.hpc.org>
To: tardo@raptor.com
Cc: ipsec@TIS.COM
In-Reply-To: Yourmessage <199609022204.PAA13732@baskerville.CS.Arizona.EDU>
Subject: Re: no SKIP/ISAKMP/OAKLEY resolution
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

>   It would be very helpful if these differences of opinion were
>   documented someplace. Is anyone going to do this?

It's not obvious that the differences would be helpful to others; in
any event, the team felt comfortable working privately and there were
no plans to publicize the details of a failure.  There's been a great
deal of public discussion already, and of course, more is coming, so there's 
hardly a void of information.

I feel that the shopping list I posted earlier contains the relevant issues,
every one of which has been addressed by one or more proposed protocols.  If
the working group can decide on which ones are essential, which are optional,
then a solution can be quickly found.

Hilarie Orman