
Re: IPSEC WORKING GROUP LAST CALL



>>>>> "Daniel" == Daniel Harkins <dharkins@cisco.com> writes:

 >> >>>> 1. No data recovery of an encrypted IP datagram payload.
 >> >>> This is a feature, not a bug, by strong consensus...
 >> >> I understand this.  I am certain that this requirement will not
 >> >> change for the foreseeable future, regardless of our consensus.
 >> >> I am also certain that this requirement can be met, in a manner
 >> >> that would satisfy our community...
 >> > A significant fraction of the community will not be satisfied by any
 >> > protocol which incorporates key recovery.  The objection is not to the
 >> > technical details of key recovery, but to its presence in any form.
 >>
 >> My view is that it's just another tool to be used to solve certain
 >> types of problems.  Whether you realize it or not, we have been
 >> outmaneuvered by other communities with different desires.

 Daniel> It's not really "outmaneuvered"; it's more like conceding the
 Daniel> low ground.  The only justification for key recovery in a
 Daniel> communications product (as opposed to a stored-data product)
 Daniel> is to facilitate eavesdropping.  We don't want to "solve" that
 Daniel> problem-- and in fact don't view lack of key recovery as a
 Daniel> problem in the first place!

I agree.  We should strive to keep IPSec useful.

RFC 1984 is worth reading in this context.

	paul