Re: IPSEC WORKING GROUP LAST CALL
>>>>> "Daniel" == Daniel Harkins <dharkins@cisco.com> writes:
>> >>>> 1. No data recovery of an encrypted IP datagram payload.
>> >>> This is a feature, not a bug, by strong consensus...
>> >> I understand this. I am certain that this requirement will not
>> >> change for the foreseeable future, regardless of our consensus.
>> >> I am also certain that this requirement can be met, in a manner
>> >> that would satisfy our community...
>> > A significant fraction of the community will not be satisfied by any
>> > protocol which incorporates key recovery. The objection is not to the
>> > technical details of key recovery, but to its presence in any form.
>>
>> My view is that it's just another tool to be used to solve certain
>> types of problems. Whether you realize it or not, we have been
>> outmaneuvered by other communities with different desires.
Daniel> It's not really "outmaneuvered"; it's more like conceding the
Daniel> low ground. The only justification for key recovery in a
Daniel> communications product (as opposed to a stored-data product)
Daniel> is to facilitate eavesdropping. We don't want to "solve" that
Daniel> problem -- and in fact don't view lack of key recovery as a
Daniel> problem in the first place!
I agree. We should strive to keep IPSec useful.
RFC 1984 is worth reading in this context.
paul