
Re: Last Call for IPSEC




Peter Ford writes:
> My recommendation to the IESG is to pass all BUT the IPSEC Architecture
> document to PS as requested by the working group (I am including AH in this).
> This allows all vendors to claim IETF proposed standards compliance with
> their products.  The architecture document should follow when experience
> with IPSEC fleshes out and can catch up in the standards process at the time
> for movement to Draft standard.

The reason the IETF has "Proposed Standard" status, which then only
slowly moves on to "Draft Standard" and then "Standard", is so that
people can get time and experience with things. We've already held up
these documents for five years. What possible purpose could there be
in adding additional delay over that already imposed by the standards
process itself?

> The collection of standards and the "MUSTS" in the IPSEC Architecture
> document make the minimal standards compliant implementation very large.
> For example: AH+ESP, tunnel+transport modes, DES+NULL+3DES, SHA+MD-5,
> Manual+Certs, result in way too many options mandated for managing the system
> in the Architecture doc.

This simply isn't true. There are several implementations out there
already, and they aren't huge. (ISAKMP is another matter, but the
IPSEC layer itself isn't that big).


Perry

