[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: is manual keying mandatory
This "MUST" is a non-issue at this point, having been beaten to
a pulp, so there is really no point in arguing the reasons behind the
"MUST" decision once again. Nonetheless, at the risk of continuing a
completed debate I'll summarize: the cost of implementing manual
keying is essentially nil, having been the first thing most developers
did anyway, and it's potentially a very useful and powerful admin tool
for products after they've been fielded. Furthermore, having it
guarantees there will always be some (albeit rudimentary, like static
ARP entries) form of keying available to your IPSEC. The requirement
to support some form of automatic keying for compliance is in addition
to, not a replacement for, the manual keying requirement.
--
Bede McCall <bede@mitre.org>
The MITRE Corporation Tel: (781) 271-2839
202 Burlington Road FAX: (781) 271-2423
Bedford, Massachusetts 01730-1420