
Re: Two issues: AH death, and SA identification



At 3:12 PM -0400 4/3/01, Derek Atkins wrote:
>Stephen Kent <kent@bbn.com> writes:
>
>>  True, but the IPsec architecture encompasses multiple protocols, and
>>  may become more IKE dependent in the future, to better coordinate
>>  with IKE.
>
>>  Steve
>
>Speaking as the chair of the KINK WG, I certainly hope that IPSec does
>not become more dependent on IKE.  Having multiple keying methods is a
>Good Thing (TM), and the clear split between ESP/AH and the keying
>method was a good decision.  I would hate to see that choice reversed.

Negotiation of SA parameters is an SA management function, though not 
necessarily a key management function. We have disconnects today 
between IKE capabilities and IPsec architecture. I want to close 
those gaps in the next rev, and not by reducing IPsec functionality.

Perhaps what I should say is that I want to specify more concretely 
what an SA management protocol must provide for IPsec, whether that 
protocol is IKE or not.

Steve

