
Re: eliminate AH



> If we had:
> 
> 	- a STABLE standard
> 	- running code
> 
> I'm sure many of the other security people would adopt it.

We have lots of running code. We had half a dozen interoperable 
implementations in Dallas. Never mind that we had to go change the transforms 
again (I know it's for a good reason, but that's beside the point).

I think the main thing we lack is a set of documents saying *how* and *where* 
to use IPSEC, what it buys people, and why they shouldn't just roll their own. 
Also, building some interfacing mechanisms to the key/certificate management 
stuff mechanisms such as SSH have may further promote the cause of IPSEC until 
we have a working generic key management mechanism.

/ji

PS: Yes, I can hear the shouts now: "Why don't *you* do it, JI?" 

