Re: Two issues: AH death, and SA identification
At 3:12 PM -0400 4/3/01, Derek Atkins wrote:
>Stephen Kent <kent@bbn.com> writes:
>
>> True, but the IPsec architecture encompasses multiple protocols, and
>> may become more IKE dependent in the future, to better coordinate
>> with IKE.
>
>> Steve
>
>Speaking as the chair of the KINK WG, I certainly hope that IPSec does
>not become more dependent on IKE. Having multiple keying methods is a
>Good Thing (TM), and the clear split between ESP/AH and the keying
>method was a good decision. I would hate to see that choice reversed.
Negotiation of SA parameters is an SA management function, though not
necessarily a key management function. We have disconnects today
between IKE capabilities and IPsec architecture. I want to close
those gaps in the next rev, and not by reducing IPsec functionality.
Perhaps what I should say is that I want to specify more concretely
what an SA management protocol must provide for IPsec, whether that
protocol is IKE or not.
Steve