
Re: is manual keying mandatory (fwd)



From a practical standpoint, Diffie-Hellman is extremely expensive in
lesser-powered CPUs, and in an environment where IP interfaces are
coming up and down in a dynamic environment (say PPP over demand-dial
ISDN lines), doing Diffie-Hellman again and again may be more taxing on
the CPU than Triple DES encryption on full throughput.

In such an environment, one can use a different KMP than ISAKMP/Oakley. 
But it would be beneficial to know that a completely inexpensive key
management system (manual keying) is universally supported in all IP
Security implementations.  My customers would then be able to make the
choice themselves whether to go with (relatively expensive) automated
keying or (relatively inexpensive) manual keying, regardless of the
IPSec-capable devices they were interfacing with.

For this reason, I feel it is necessary to keep manual keying support a
MUST.

-- 

Daniel C. Fox                  <dfox@baynetworks.com>
Software Project Leader        Tel:  +1 978-916-4216
Remote Access Server Division  Fax:  +1 978-916-4789
Bay Networks, Inc.             <http://www.baynetworks.com>



