
Re: Bruce Schneier on IPsec



Hugo Krawczyk wrote:

<significantly trimmed...>

> PS: After defending ipsec for once, I'd like to see also openness in the group
> for changes that significantly improve the quality of the protocols
> even at the cost of hurting some existing implementations (and the sooner
> things are fixed the better).
> We can start with many issues that [FS] point out (and others that
> were discussed in this list) that can be "resolved" by textual clarifications,
> and then proceed to the fixes that also require changing the
> "bits on the wire".

I agree with this sentiment, and also with Paul Koning's comments on
this topic. There are some errors and misconceptions in the paper, but
there is much of substance, as we all know. It is a normal part of the
IETF process to modify developing standards as a result of
implementation experience and analysis, and we know that IKE is already
undergoing modifications for this very reason. While it may be expensive
for companies deploying such early implementations to modify them, I
think this is a price we must pay to play.

Scott

