
Manual Key support required



> From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
> In my judgement, this limited interoperability isn't particularly
> useful, all things considered. If you're going to be implementing
> something which is compatible with the old RFC1827-1829, you can simply
> use those old RFCs; they're not going away.
>
While I am pleased to see this statement (the previous chair proposed
moving them to Historic), the tone of your message leads me to think
that manual key management is somehow "old".

Every implementation is required to support manual key management.

Support for an automated key manager is optional.


> Finally, if you need to support both the old manual keying way of doing
> things and the new key-management way of doing things, the extra code to
> support a new cipher algorithm is minimal; the size of your DES, MD5,
> SHA, et al. implementation will completely dwarf the extra code you
> need to support the new way of handling the sequence number and IV
> (which is after all, simply byte juggling).
>
A new definition of "minimal".  I think you meant "small".

The "minimal" effort proposed here is "none".

But that argument, taken on its face, means that every possible method
of handling every possible option is "small".  I think that many vendors
find the prospect of many "small" differences to be undesirable.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2