
Re: is manual keying mandatory (fwd)



At 11:09 PM 3/18/98 -0600, Jackie Wilson wrote:
>I agree.  It will be some time before all boxes support ISAKMP, but
>they will need to be included in secure networks.  This will help
>customers adopt ISAKMP as a standard if it is widely available.

Jackie, I disagree with you as to the above reason, in general.  Or perhaps
you are thinking as I, but use different verbiage.  Some KMP is needed to
rekey sessions.  As an ex-network support person, I would not want to
deploy non-rekeyable technology anymore except for certain embedded systems
that are either: already running in a semi-secure environment, or are still
just too limited to support the cost of IKE code.  (think about what it
takes to protect a system from electric leaks under your car hood and you
might get some ideas about cost overruns).

>In a few years it could probably be phased out.

In time IKE preshared MIGHT be universally available, but to play with
other KMPs, manual keying is important.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com

