
Re: Simplifying IKE (was RE: Reliable delete notifies)



On Thu, 12 Oct 2000, Henry Spencer wrote:

> On Thu, 12 Oct 2000, Sami Vaarala wrote:
> > ...That might be.  But is someone actually planning to implement two
> > key management protocols on top of the *same* isakmp code?  From my
> > experience there are enough dependencies between ISAKMP and IKE to
> > make such isolation difficult and probably unwise, too.
> 
> Realistically, anyone designing a new key-management protocol would have
> to be out of his mind to base it on ISAKMP. 
> 
I don't consider myself out of my mind, but opinions vary on that.

I certainly didn't consider ISAKMP in toto for some stuff I had been working
on, but having well-defined payload formats saves me from having to reinvent
the wheel. After all, that's not where we've seen problems in IKE. The
problems in IKE stem more from differing interpretations of the semantics and
use of payloads and exchanges, rather than the message formats in ISAKMP.

My original goal for KKMP (now KINK) was to use a stripped down version of
quick-mode, using kerberos merely as the 'secure transport' if you so will.

Possibly out of his mind, but generally too lazy to reinvent the wheel,
jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

