
Re: is manual keying mandatory



Bronislav Kavsan <bkavsan@ire-ma.com> writes:
> Here are the reasons:
> - there is no "standard" key distribution mechanism for symmetric keys (I guess I
> can get on the phone with another guy and negotiate key values)
> - there is no "standard" mechanism for negotiating key lifetimes (should I also
> use the phone?)
> - how to re-key? - (get on the phone again?)
> - what is the encapsulation context - tunnel/transport? (my phone bill is getting
> higher?)
> etc, etc, etc.
These are operational reasons why it's inconvenient for USERS to do
manual keying. They don't have anything to do with why implementers
can't do manual keying, which is the question at hand.

What, precisely, is so incredibly difficult about adding this to
one's implementation that people are willing to make a big deal over
this, instead of just letting the settled issue stay settled?

-Ekr

-- 
[Eric Rescorla                             Terisa Systems, Inc.]
		"Put it in the top slot."

