Re: manual keying and IPSEC conformance




I agree with the several suggestions to make ISAKMP a mandatory
part of IPsec for IPv4.

And I agree with Dan's rationale for continuing to keep manual keying
as a mandatory requirement.  The only flaw with this scheme was pointed
out by Rodney Thayer's distinction between "really manual" and "some
other KMP plugged into the manual keying interface".  If we are going
to prohibit Anti-Replay for manual keying, it should be explicitly
stated that it is only prohibited for "manual keying requiring human
intervention for rekey".

I don't know if there are any other requirements which depend on
manual vs. automatic.  If so, they should all be clearly stated as
such, so that all KMPs are treated as automatic keying for purposes
of interpreting the requirements.