Re: IPsec Architecture -- proposed changes




1) I object to the deferral of MLS text and its removal
from the Architecture specification at this time.
There exists at least one MLS implementation of IPsec
that was done based on the text in RFC-1825~1827.
I am aware of a second independent MLS implementation
in progress.  Those implementers report that they have
found the RFC text to be _minimal but sufficient_.  

Instead, I propose that the existing MLS text be retained, 
possibly adding a note that further development of the MLS 
portion of the specification is anticipated as part of the 
editorial changes going from Proposed Standard to Draft Standard.

Removing the MLS text from the current specifications and
deferring it to some later draft is counter-productive and
is unfair to the existing MLS IPsec implementations.  Part
of the long-standing agreements on these revisions was to
avoid unnecessary changes that would delay forward progress.
I believe the MLS text deferral represents such an unnecessary
change.

2) With respect to work in progress for multicast key
distribution, I will note that GKMP has been present in
RFC form for several months now.  I will also note that
relevant work by A. Ballardie ("Scalable Multicast Key
Distribution") has been present in RFC form for over a year.
I would suggest citing both the GKMP work and also the
Ballardie work.

Ran
rja@inet.org


