Re: is manual keying mandatory

[Dave Carrel <carrel@ipsec.org>]

> > Can you give any reason why
> > you CAN NOT do manual keying??
> 
> Here are the reasons:
> - there is no "standard" key distribution mechanism for symmetric keys (I gue
>       ss I
> can get on the phone with another guy and negotiate key values)
> - there is no "standard" mechanism for negotiation key lifetimes (should I al
>       so
> use the phone?)
> - how to re-key? - (get on the phone again?)
> - what is the encapsulation context - tunnel/transport? (my phone bill is get
>       ting
> higher?)
> etc, etc, etc.

These are all good reasons for why you don't WANT to base a product on
manual keying.  But every time you tried to give a reason why you can't do
it, you have included in parentheses an example of how you COULD do it.  So
in other words, you have not answered the question nor contributed anything
new to the discussion.  We all know why manual keying doesn't scale and we
all know why it's impractical in most real world situations.

The point isn't that manual keying is a great thing.  (I don't personally
think it needs to be in the documents.  BUT IT IS!  And I know that
everyone could actually implement if they would just stop whining.)  The
point is that it can be done and we need to stop trying to find one more
reason to delay the documents.

'nuff said.

Dave

---

Follow-Ups:

• Re: is manual keying mandatory
• From: Bronislav Kavsan <bkavsan@ire-ma.com>

References:

• Re: is manual keying mandatory
• From: Bronislav Kavsan <bkavsan@ire-ma.com>

---

• Prev by Date: Re: Please review draft-ietf-pppext-l2tp-sec-03.txt
• Next by Date: RE: is manual keying mandatory
• Prev by thread: Re: is manual keying mandatory
• Next by thread: Re: is manual keying mandatory
• Index(es):
  • Main
  • Thread