[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: charter question re IKE changes

To: "Linn, John" <jlinn@rsasecurity.com>
Subject: Re: charter question re IKE changes
From: "Steven M. Bellovin" <smb@research.att.com>
Date: Wed, 11 Oct 2000 11:08:12 -0400
Cc: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>, "'ietf-ipsra@vpnc.org'" <ietf-ipsra@vpnc.org>
Sender: owner-ipsec@lists.tislabs.com

In message <F504A8CEE925D411AF4A00508B8BE90A93E26A@exna07.securitydynamics.com>
, "Linn, John" writes:
>I'd like to ask a charter question which relates to both IPsec and IPSRA
>WGs.  IPSRA, based on IESG inputs, has been operating under the premise that
>its work should not impact IKE's syntax or semantics if feasibly avoidable,
>with a strong preference to work instead alongside IKE as currently defined.
>This premise has constrained the design space for candidate IPSRA proposals.
>Recent discussion on IPsec has suggested significant changes to IKE,
>potentially removing or replacing authentication modes. Question: If IKE's
>definition is to be reopened within IPsec, should IPSRA's admissible design
>space continue to be constrained by RFC-2409?

Yes.

Most of the talk here has been about removing things, not adding more.  
IPSRA would need to add more.

		--Steve Bellovin

Prev by Date: Re: ike and secure DNS
Next by Date: Re: ike and secure DNS
Prev by thread: charter question re IKE changes
Next by thread: RE: charter question re IKE changes
Index(es):
- Main
- Thread