[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: eliminate AH
> If we had:
>
> - a STABLE standard
> - running code
>
> I'm sure many of the other security people would adopt it.
We have lots of running code. We had half a dozen interoperable
implementations in Dallas. Never mind that we had to go change the transforms
again (I know it's for a good reason, but that's besides the point).
I think the main thing we lack is a set of documents saying *how* and *where*
to use IPSEC, what it buys people, and why they shouldn't just roll their own.
Also, building some interfacing mechanisms to the key/certificate management
stuff mechanisms such as SSH have may further promote the cause of IPSEC until
we have a working generic key management mechanism.
/ji
PS: Yes, I can hear the shouts now: "Why don't *you* do it, JI?"
References: