
Re: Everything degenerates to Key Management



>Internet protocols for future capability.  Ignoring the need that is well 
>voiced for a common, flexible, and extensible key management protocol would 
>border on delinquency.

The *truly* delinquent action is to spend so much time pursuing total
generality that well-defined, near-term and increasingly critical
security needs (like securing remote laptop access and virtual private
subnetworks) continue to go unmet.

Nobody said you can't keep working on as general a scheme as you like
even if a more limited IPSEC scheme is deployed. That's the way the
Internet works. Anybody can work on anything they like, but acceptance
is voluntary.

Now if you're concerned that the availability of a scaled-back IPSEC
will reduce the demand for a full-blown version, well...what can I
say? Perhaps that would simply demonstrate there's no point in doing
the full-blown version, eh?

In my own sphere of influence, we've begun deploying Network Systems
Borderguards in our virtual private network links. I understand these
still use proprietary key management protocols and encapsulation
formats, yet they seem to work. I've personally begun to use SSH quite
heavily.  It also seems to satisfy many of my needs despite having no
official IETF standing.

All other things equal, I'd certainly prefer to use standard
protocols.  But all other things are NOT equal, because the standards
don't exist in a form I can use. And alternatives are rapidly
appearing.

Phil