[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: is manual keying mandatory

To: ipsec@tis.com
Subject: RE: is manual keying mandatory
From: bede@mitre.org (Bede McCall)
Date: Thu, 19 Mar 1998 17:28:15 -0500 (EST)
Sender: owner-ipsec@ex.tis.com

This "MUST" is a non-issue at this point, having been beaten to
a pulp, so there is really no point in arguing the reasons behind the
"MUST" decision once again.  Nonetheless, at the risk of continuing a
completed debate I'll summarize:  the cost of implementing manual
keying is essentially nil, having been the first thing most developers
did anyway, and it's potentially a very useful and powerful admin tool
for products after they've been fielded.  Furthermore, having it
guarantees there will always be some (albeit rudimentary, like static
ARP entries) form of keying available to your IPSEC.  The requirement
to support some form of automatic keying for compliance is in addition
to, not a replacement for, the manual keying requirement.

-- 
  Bede McCall   <bede@mitre.org>
  The MITRE Corporation                    Tel: (781) 271-2839
  202 Burlington Road                      FAX: (781) 271-2423
  Bedford, Massachusetts  01730-1420

Prev by Date: Re: is manual keying mandatory
Next by Date: Re: is manual keying mandatory
Prev by thread: Re: is manual keying mandatory
Next by thread: Re: is manual keying mandatory
Index(es):
- Main
- Thread