
Re: Position statement on IKE development




Unfortunately what you and I think probably doesn't matter.  What matters
is that end user customers will hear that IPsec's IKE is broken, and they
will then ask themselves the question, is all of IPsec also broken?  It's 
anyone's guess as to how this will play out in the VPN markets, etc.

My own personal question is why the IPsec working group did not have a 
thorough cryptanalysis done by professionals, say by an outfit like ISSI,
before the standards were issued?

- Alex


At 03:41 PM 8/3/2001 -0400, Henry Spencer wrote:
>On Fri, 3 Aug 2001, Alex Alten wrote:
>> BTW Henry,
>> The issue is not that parts of IPsec are superfluous.  
>> The question is if IKE is broken then is IPsec also broken?  
>
>That depends somewhat on exactly what you mean by "IPsec", which is why I
>specifically referred to "the packet-level parts".  I don't think there is
>much wrong with the packet-level stuff except for a few too many useless
>options and alternatives.  The key-management ugliness doesn't seem to me
>to have spilled over into the packet level (at least partly because the
>packet-level work was nearly finished before key management came to the 
>fore). 
>
>                                                          Henry Spencer
>                                                       henry@spsystems.net
>
>
--

Alex Alten

Alten@Home.Com



