[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lack of negotiation capability (was RE: Phase 1 Re-keying Implementation Identification)

To: ipsec@lists.tislabs.com
Subject: Lack of negotiation capability (was RE: Phase 1 Re-keying Implementation Identification)
From: Andrew Krywaniuk <akrywaniuk@TimeStep.com>
Date: Fri, 19 Nov 1999 22:36:48 -0500
Sender: owner-ipsec@lists.tislabs.com

I think we're hitting a roadblock in the development of IKE. It seems like
we can't develop new features because there is no feature negotiation
capability in IKE. How can we expect a feature to gain support if no one can
implement it and use it because it is not standardized?

Look at how the dangling phase 2 vs. continuous channel implementation got
resolved. It wasn't that after an enlightened, intellectual chat, everyone
agreed that dangling phase 2s were better. Basically what happened is that
both groups released their products, they didn't work well together, and the
dangling implementations prevailed because they were the lowest common
denominator.

Anyone who waits for all the drafts to become RFCs before implementing them
is going to get killed in the marketplace. Currently, whenever we develop a
new feature that has not been standardized, that feature has to be enabled
by policy which is set manually on both sides (which is a bitch to manage).
Hindering interoperability between vendors who show initiative is tantamount
to discouraging innovation.

Andrew
_______________________________________________
 Beauty without truth is insubstantial.
 Truth without beauty is unbearable.

Follow-Ups:

Re: Lack of negotiation capability (was RE: Phase 1 Re-keying Implementation Identification)

From: "Scott G. Kelly" <sgkelly@ix.netcom.com>

Prev by Date: RE: Error recovery?
Next by Date: Re : Error recovery ?
Prev by thread: Re: FBI secret police FAQ#1
Next by thread: Re: Lack of negotiation capability (was RE: Phase 1 Re-keying Implementation Identification)
Index(es):
- Main
- Thread