[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC WORKING GROUP LAST CALL
Alex Alten writes:
> IPSEC WG,
>
> These are my main technical criticisms of the current set of IPSEC
> documents.
>
> 1. No data recovery of an encrypted IP datagram payload.
>
> Regardless of the merits of the design by not supporting this
> requirement it will probably kill IPSEC as a viable Internet
> standard.
"Data Recovery" would obviate the ability of IPSec to function as a
security standard, as if you can recover the data without recourse to
the cryptographic keys, you have not provided security.
> 3. IPSEC does not properly fit with the IP routing model.
>
> It force fits the concept of a security session (SA) onto the IP
> datagram routing model.
Huh?
Have you read the documents?
> 4. The design is too complex
Can you describe a simpler design than encapsulation?
.pm
References: