
Re: Simplifying IKE (was RE: Reliable delete notifies)



> > I'm not sure that merging the big 3 documents will actually make
> > IKE easier to understand. ISAKMP is fine as it is, as far as I'm
> > concerned. Merging IKE
>
>It probably will. But there is one thing that I'm worried about:
>merging all in one document may close the doors to independently
>enhance protocol parts - every such attempt will require updating of
>this big document. Currently ISAKMP defines the framework in which
>different key management protocols may be defined. Nowadays IKE is the
>only of such protocols, but the room for others is still here.
>Combining everything into one document will probably mean "IKE
>forever" - the approach that I'm not too happy about.

That might be.  But is someone actually planning to implement two
key management protocols on top of the *same* isakmp code?  From my
experience there are enough dependencies between ISAKMP and IKE to
make such isolation difficult and probably unwise, too.

As a framework for specifying the new protocols, ISAKMP is fine
(it could be less ambiguous though).  But I don't think there will
be too much code sharing between the different key management
protocols one could build into the ISAKMP framework.  And if not,
I am not sure there is enough justification not to roll the ISAKMP
stuff into a new IKE specification.  That should clear a lot of
ambiguities that are a result of artificial separation of the two
specifications.

Sami
--
Sami Vaarala         /  Pygmy Projects - We make it small!
www.iki.fi/~silvere /
                   /  No matter where you go, there you are.
