Re: Which comes first?

["Theodore Y. Ts'o" <tytso@MIT.EDU>]

Marc,
	At some level it doesn't matter where the text (about how to
divvy up the keying material for ESP) goes, as long as it goes
*somewhere*.  Likewise, what we are specifying is solely a protocol
matter, and implementations are free to use whatever implementation
strategy they want, so long as the resulting protocol is interoperable.
I had thought that was clear; it tends to be a general ground rule for
the IETF.

	From the point of view of ISAKMP, it provides a single blob of
keying material, no matter what the underying transform (ESP or AH or
whatever).  So architecturally, it seems to be cleaner
***CONCEPTUALLY*** to make the outpt of ISAKMP always be a single blob
of keying materal, and that it is up to the consumers of that keying
material to divide it up as they see fit.  For ESP, it might divide it
up into two parts; for some other ISAKMP client in the future, it might
divide it up into three or four parts.

	Your point of view is that ESP might be used for manual keying,
and in manual keying, some implementations may have chosen to have two
separate inputs for the encryption and message digest algorithms.  This
may certainly be true.  But this is an implementation detail, and we are
not specifying an interface definition in these documents.

	So this information could go into the ESP documents, or it could
go into the ISAKMP document.  What's not acceptable is that we continue
to bicker endlessly about where it goes.  Let's put it somewhere, and
move on.  At the end of the day, it doesn't affect the bits on the wire.

						- Ted

---

References:

• Re: Which comes first?
• From: marc@mentat.com (Marc Hasson)

---

• Prev by Date: Re: Which comes first?
• Next by Date: Re: Daemon Recovery
• Prev by thread: Re: Which comes first?
• Next by thread: Re: Which comes first?
• Index(es):
  • Main
  • Thread