
RE: Last Call: Security Architecture for the Internet Protocol to



At 12:28 PM 3/27/98 -0800, Peter Ford wrote:
>
>Steve,
>
>>All that notwithstanding, this is not a new issue.  We've been over
>> this ground before in the working group.  Several of us, myself
>> included, suggested deleting AH.  We lost.  Fine; so be it.  Let's ship
>> the documents and be done with it.
>
>No, saying that it is fine is not okay given that there is now an order more
>experience in building these implementations and from my own personal
>polling the utility of some of this stuff is questionable (I am picking on
>AH as a tangible large item to jettison from this ark).  No one is stopped
>from building and shipping product; the documents should be right, not
>expedient.
>

As you know I posted a list of my key objections to IPSEC.  It is interesting
to see how others like Greg Minshall and yourself are finding problems very
similar to some of the ones I noted.  However at this point I will back Steve
Bellovin on saying let's ship it.  One of the great things about the IETF
standards process is that a new protocol must prove itself out in the cold,
cruel world.  If this is a good design, then it will do well.  If not, then we
will all probably know it within two years.  After having participated
somewhat in one of the three attempts at SNMP security, I suspect that we
might have a ways to go yet with designing and implementing IP security.  As
an analogy, even the US Constitution of 1787 (ratified in 1788) was the final
product of a prior failed attempt, the Articles of Confederation of 1777
(ratified in 1781), and as the result of experience with several state
constitutions, in particular the New York Constitution of 1777.

- Alex

P.S. Thank you Phil Karn for your succinct explanation of the underlying
     original design objectives of IPSEC.  This explains the strong bias for
     host-to-host security.
--
Alex Alten
Andrade@Netcom.Com
P.O. Box 11406
Pleasanton, CA  94588  USA
(510) 417-0159


