[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: ISAKMP performance
- To: David Jablon <dpj@world.std.com>
- Subject: Re: Re[2]: ISAKMP performance
- From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
- Date: Thu, 17 Jul 1997 17:06:46 -0400
- Address: 1 Amherst St., Cambridge, MA 02139
- Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, Daniel Harkins<dharkins@cisco.com>, andrade@netcom.com, norm@tor.securecomputing.com, pcalhoun@usr.com, ipsec@tis.com
- In-Reply-To: David Jablon's message of Wed, 16 Jul 1997 23:06:46 -0400,<3.0.1.16.19970716230646.0aa75f70@world.std.com>
- Phone: (617) 253-8091
- Sender: owner-ipsec@ex.tis.com
Date: Wed, 16 Jul 1997 23:06:46 -0400
From: David Jablon <dpj@world.std.com>
But it's not necessarily a good reason. There are much stronger
methods, such as password-authenticated Diffie-Hellman exchanges
EKE, SPEKE, etc.
Small Diffie-Hellman moduli are easily broken.
However, discussion of these topics aren't really germane to the ipsec
working group, so I suggest we take this discussion elsewhere.
Discussion of the possibility of designing some other key management
protocol for ipsec is (barely) in order, although at this point if this
discussion gets extensive Bob and I would probably recommend starting a
separate working group to avoid bogging down existing efforts.
- Ted
Follow-Ups:
References: