
Re: Comments on ipsec-arch-sec-01.txt



I think I inadvertently caused some confusion due to my previous post on
this subject. I owe it to Ran Atkinson to clarify my comments. I should
make clear that I was not attempting to comment on the object of his
argument, that is, as to whether 'Requiring that the
tunnel/transport-mode distinction be part of the SA' was appropriate or
not. Perhaps it is not appropriate; I have not had an opportunity to
study that issue as of yet.

In terms of my post, no disrespect was intended, and neither was my post
meant to be a flame. I recognize that Ran is one of the original
designers of the IP security architecture. I have seen code, RFCs, and
wg drafts which he has authored. 

My point is this: when IP security was originally designed and
implemented, there were things which were not, indeed could not have
been, foreseen. As a result, there have been a series of refinements to
the protocols proposed by various members of this working group.

Unfortunately, sometimes those proposals are dismissed by various
members of the wg using some variation of the argument Ran presented,
e.g. 'it will cost my company money to change this, so I don't want to
do it.' Alternatively, the argument may be along the lines of 'I thought
we agreed there would be no more changes which break currently operating
code.'

My point is that these types of arguments should not be entertained. As
I said, I have not taken the time to examine the original issue this
thread pertains to, the one having to do with tunnel/transport attribute
representation, but if there is a good argument why this should not be
changed, why not let it stand on its own merit?

I meant no offense and no disrespect. I guess I'm just somewhat of an
idealist, possibly due to my inexperience with the IETF. I just think
this wg owes it to the world to give them the best possible protocol.


Scott

