
Re: Reliable delete notifies



  Hi Ben,

  The reason we have the mess we have today is because I tried to
make IKE be all things for all people. Every suggestion or whim
was seriously entertained and no one complained until we reached
Last Call and at that point the Working Group decided to avoid
changes because the entire set of I-Ds-- including the architecture
draft, the AH draft, the ESP draft, etc-- would've been held up.

  We have Aggressive Mode because people complained about having
to do a 6 message exchange just to get an authenticated secret
between the two peers. Given certain assumptions, SKIP could
just start sending IPsec-protected packets immediately! But
Aggressive Mode doesn't protect the identities from passive
snooping and it was suggested to me to do away with it because
6 messages (well, 9 actually) has turned out to be not that
big of a deal-- Aggressive Mode is not necessary.

  But you bring up a good point. As it turns out, Aggressive
Mode does have a use. I'd like to clarify, though, that you
can still use pre-shared keys without Aggressive Mode, you
just can't do it from random, unknown IP addresses.

  I'm doing this work for the Working Group and I can't just
unilaterally declare that Aggressive Mode is out. I was 
noting that it's out of my drafty-draft. If the Working Group
wants Aggressive Mode in the protocol then it is in. So let's
start a discussion. Does the Working Group want to keep
Aggressive Mode? Is Aggressive Mode "standards bloat" or
is it a necessary addition to do what Ben wants to do?

  Dan.

On Sat, 07 Oct 2000 09:44:47 EDT you wrote
> Dan,
> 
> > For instance, one of the public key authentication methods will be removed
> > as will Aggressive Mode and most of the ISAKMP exchanges defined in
> > RFC2408. 
> 
> Why do you plan to remove Aggressive Mode? It is the only way to
> use IDs other than IP addresses with pre-shared keys. Before I
> get flamed, I agree that pre-shared keys are inferior to certs
> and that identity protection is highly desirable, but, are they
> so desirable that an entire mode of operation has to be deleted?
> 
> -Ben McCann
> 
> -- 
> Ben McCann                              Indus River Networks
>                                         31 Nagog Park
>                                         Acton, MA, 01720
> email: bmccann@indusriver.com           web: www.indusriver.com 
> phone: (978) 266-8140                   fax: (978) 266-8111
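Since the thread turns on why pre-shared keys need Aggressive Mode to
work with identities other than IP addresses, here is a constructed
Python model, added by the editor and not code from Dan, Ben or any IKE
implementation, of the responder's key-selection step in both modes.
The key schedule follows RFC 2409 (with pre-shared keys,
SKEYID = prf(psk, Ni | Nr)); the prf choice, the toy cipher standing in
for encryption under SKEYID_e, the shortened HASH_I, and the IDs,
addresses and key tables are all assumptions made for the example.

```python
"""Why Main Mode + pre-shared keys cannot serve roaming initiators.

In Main Mode the ID payloads travel in messages 5/6, encrypted under
keys derived from SKEYID, and SKEYID itself is derived from the PSK.
The responder therefore has to pick the PSK before it knows who is
talking, and the only selector left is the source IP address.
Aggressive Mode sends IDii in message 1 in the clear, so any identity
can select the PSK, at the price of exposing it to a passive observer.
"""
import hashlib
import hmac
import secrets


def prf(key: bytes, data: bytes) -> bytes:
    """Stand-in for the negotiated IKE prf (assumed HMAC-SHA256 here)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def skeyid_psk(psk: bytes, ni: bytes, nr: bytes) -> bytes:
    """RFC 2409 5.4, pre-shared keys: SKEYID = prf(pre-shared-key, Ni_b | Nr_b)."""
    return prf(psk, ni + nr)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher standing in for encryption under SKEYID_e (constructed, not IKE's)."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += prf(key, block.to_bytes(4, "big"))
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class PassiveObserver:
    """Records every identity that crosses the wire unencrypted."""

    def __init__(self):
        self.ids_in_clear = []

    def see_plaintext_id(self, ident: bytes):
        self.ids_in_clear.append(ident.decode())


def main_mode(src_ip, initiator_id, initiator_psk, psk_by_ip, observer):
    """Main Mode: messages 1-4 carry SA, KE and nonces, no ID; the observer
    sees only ciphertext from message 5 on, so nothing is recorded."""
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    # Responder must derive SKEYID to decrypt message 5, so it must select
    # the PSK now, before any ID payload has arrived: only the address helps.
    responder_psk = psk_by_ip.get(src_ip)
    if responder_psk is None:
        return "fail: no pre-shared key selectable for source address"
    k_i = skeyid_psk(initiator_psk, ni, nr)
    k_r = skeyid_psk(responder_psk, ni, nr)
    # Message 5: E{IDii, HASH_I}; HASH_I is shortened here to prf(SKEYID, IDii_b).
    msg5 = keystream_xor(k_i, initiator_id + prf(k_i, initiator_id))
    plain = keystream_xor(k_r, msg5)
    idii, hash_i = plain[:-32], plain[-32:]
    if hmac.compare_digest(hash_i, prf(k_r, idii)):
        return "ok: authenticated " + idii.decode()
    return "fail: HASH_I mismatch (wrong pre-shared key)"


def aggressive_mode(src_ip, initiator_id, initiator_psk, psk_by_id, observer):
    """Aggressive Mode: message 1 carries SA, KE, Ni and IDii in the clear."""
    ni = secrets.token_bytes(16)
    observer.see_plaintext_id(initiator_id)          # message 1 is unencrypted
    responder_psk = psk_by_id.get(initiator_id)      # select by claimed ID, not address
    if responder_psk is None:
        return "fail: unknown identity"
    nr = secrets.token_bytes(16)
    k_i = skeyid_psk(initiator_psk, ni, nr)
    k_r = skeyid_psk(responder_psk, ni, nr)
    hash_i = prf(k_i, initiator_id)                  # message 3, also in the clear
    if hmac.compare_digest(hash_i, prf(k_r, initiator_id)):
        return "ok: authenticated " + initiator_id.decode()
    return "fail: HASH_I mismatch (wrong pre-shared key)"


# Constructed responder configuration: one fixed-address gateway, one roaming user.
PSK_BY_ID = {b"gw.example.test": b"gw-secret", b"alice@example.test": b"alice-secret"}
PSK_BY_IP = {"203.0.113.5": b"gw-secret"}   # the roaming user has no stable address


def run_demo():
    obs = PassiveObserver()
    return {
        "gateway_main_mode": main_mode("203.0.113.5", b"gw.example.test", b"gw-secret", PSK_BY_IP, obs),
        "roaming_main_mode": main_mode("198.51.100.77", b"alice@example.test", b"alice-secret", PSK_BY_IP, obs),
        "roaming_aggressive_mode": aggressive_mode("198.51.100.77", b"alice@example.test", b"alice-secret", PSK_BY_ID, obs),
        "ids_seen_by_observer": obs.ids_in_clear,
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Running it shows the trade-off both posters describe: the fixed-address
gateway authenticates fine in Main Mode, the roaming user cannot (the
responder has no address to key on), and switching that user to
Aggressive Mode succeeds only because the identity was put on the wire
where the passive observer records it.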

