
Status of IPSEC Key Management




-----BEGIN PGP SIGNED MESSAGE-----

Standardized security technology is urgently needed on the Internet
today.  The IPSEC Working Group has been working to provide solutions
applicable to the IP Layer of the protocol stack. Over a year ago,
consensus was reached on the packet formats necessary to provide data
authentication, integrity and confidentiality; however, the mechanisms to
exchange required cryptographic material were not yet ready for
standardization.

Since then the IPSEC Working Group has been struggling with several
competing proposals. To have competing proposals within an IETF working
group is neither new nor novel. However, the time comes when either the
proponents of the various proposals come to consensus (along with the
rest of the working group) or a decision among them has to be made.
That time is now.

In Montreal (at the June IETF meeting) I saw several factions at work
in the IPSEC working group. There were people supporting each of the
proposed key management solutions and a larger number of people who
were looking for a single solution to emerge, but who themselves were
not in a position to have a technical opinion one way or the other. But
one thing was clear: they wanted a solution and they wanted it then.

Shortly after the meeting I was approached by several people offering
to have a "design team" meeting with the principals behind the various
proposals, the goal being to come up with a compromise that all could
live with. I considered this very good news, but I was also cautious.
The last thing I wanted was to have a working group meeting at the
December IETF and still be where we were in Montreal, namely without a
solution! To this end I established a time limit. The charge to the
design team was to come up with a compromise solution (or enough
progress on a compromise) by September 1. After September 1, if the
working group could not decide upon a course of action, then I would
step in as Security Area Director and propose one myself.

As those of you on the IPSEC list already know, the design team failed
in their effort to come up with a compromise. I am both saddened and
disappointed by this outcome.

This leaves us with the question of where to go. To that end, I am
preparing a position paper outlining the direction that I believe we
should be going. This paper will be reviewed by the members of the
Security Area Directorate and published as an Internet Draft. Expect to
see it by the end of next week or early the week following.

I know that many of you have been anxious for the IETF to finally
settle this issue so that we can move forward and make progress in
providing open standard solutions to security at the IP layer. It is my
intent that we settle this soon, hopefully within the next few weeks.

                                Sincerely,

                                Jeffrey I. Schiller
                                IESG Area Director for Security

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMi5m78UtR20Nv5BtAQFFnwQAh8BP+FNbXNB9vfdJIqnRtx8DuSCn8vB6
0thzsxs9Xzg1+7d70V9rYQ+HYI0imUwiuwy0jG5WTWCP5MpRfFj4FNaNnicFuAj/
Iaqget7U2BkHpfEpXe2q1lCkRySk+JuoU94aRuqEAZn7pyXCb4lP+BBkuSqXkiU+
w6B6y6hlYaU=
=DyuX
-----END PGP SIGNATURE-----