[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: is manual keying mandatory (fwd)
I agree. It will be some time before all boxes support ISAKMP, but
they will need to be included in secure networks. This will help
customers adopt ISAKMP as a standard if it is widely available.
In a few years it could probably be phased out.
Jackie
Bill Sommerfeld wrote:
> From owner-ipsec@portal.ex.tis.com Wed Mar 18 18:11:53 1998
> Message-Id: <199803182344.XAA14394@orchard.arlington.ma.us>
> To: "IPSEC Mailing List (E-mail)" <ipsec@tis.com>
> Subject: Re: is manual keying mandatory
> In-reply-to: Your message of "Wed, 18 Mar 1998 13:51:35 -0800 ."
> <E301AC63A589D111B63100805F15808901000C18@red-msg-07.dns.microsoft.com>
> Date: Wed, 18 Mar 1998 18:44:22 -0500
> From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
> Sender: owner-ipsec@ex.tis.com
> Precedence: bulk
>
> I feel strongly that manual keying should continue to be a MUST.
>
> There are going to be some times when the full complexity of ISAKMP
> won't be necessary; having manual keying universally available will
> improve interoperability and configurability in those situations...
>
> It also leaves makes more room for experimentation with new key
> management techniques, since a new key management system can be
> grafted on through the "manual" key management interface.
>
> It's also useful in testing to ensure that the transforms, etc., are
> in a position to really reject things like weak keys.
>
> All in all, it makes for a more open, modular system.
>
> - Bill
>
--
Jacqueline Wilson | Phn: (512) 838-2702
IBM, AIX/6000 | Fax: (512) 838-3509
11400 Burnet Road ZIP 9551 | Ext: 8-2702 Tie-Line: 678
Austin, TX 78758-3493 | inet: jhwilson@austin.ibm.com
Follow-Ups: