[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH? (was: Reasons for AH & ESP )



At 12:59 PM 6/2/2000 -0700, Derrell D. Piper wrote:

>I fully support a IPSecond effort to clean up this and several other problems
>in the overall architecture.  We now have three years of implementation and
>operational experience with IPSec and IKE and this is one of the things that
>should be cleaned up.  However, I still would not support this if this were
>the sole reason we were to be contemplating opening up the RFC's...

I will bow to the chair, but I seem to recall that pruning is something 
that can be done and still progress to draft.  So though removing AH might 
seem to be rather major surgery ( :), it might be acceptable to the IESG.

You mention several other problems.  Perhaps you could start your own 
thread on them :)'

Gee I don't liek the way IKE doesn't really define approaches for lifetimes 
for the ISAKMP SA.  Results in interop challenges......



Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com