
Re: manual keying and IPSEC conformance



Sorry for the late reply on this issue; I've been significantly behind
on my mail.

I'm afraid I disagree.

While I do not think manual keying will be used in significant ways in
large-scale production networks, I think that until we have a *lot*
more experience with isakmp we need to keep it in as a backup mode of
operation.

While my customers may not think they want it or may be confused about
whether or not it's a "security hole" (at worst, it's more rope the
user can use to hang themselves.. and it's nowhere near as dangerous
as many other things..), I know that I definitely want it in there so
that if two isakmp's absolutely fail to talk I have a better fallback
around than sending in the clear.

					- Bill

