[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Position statement on IKE development

To: Alex Alten <Alten@home.com>
Subject: Re: Position statement on IKE development
From: Dan Harkins <dharkins@lounge.org>
Date: Fri, 03 Aug 2001 14:58:59 -0700
Cc: Henry Spencer <henry@spsystems.net>, Marcus Leech <mleech@nortelnetworks.com>, msec@securemulticast.org, ietf-ipsra@vpnc.org, ipsec-policy@vpnc.org, ipsec@lists.tislabs.com
In-Reply-To: Your message of "Fri, 03 Aug 2001 11:24:14 PDT." <3.0.3.32.20010803112414.00eadaa0@mail>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 03 Aug 2001 11:24:14 PDT you wrote
> 
> BTW Henry,
> 
> The issue is not that parts of IPsec are superfluous.  
> 
> The question is if IKE is broken then is IPsec also broken?  
> 
> - Alex

No, of course not. 

And you are assuming that IKE is broken. What has been noted by all the
analysis mentiond so far is that IKE is too complex to know whether it
is broken or not. The effort is to make it less complex, get rid of
unnecessary and unused options, get rid of the inconsistent and sometimes
contradictory verbage between the 3 RFCs, and make it a specification of 
a key management protocol for IPsec and IPsec only instead of the current 
instantiation (RFC2407) of a protocol framework (RFC2409) of a generic 
language (RFC2408). 

  Dan.

Follow-Ups:

Re: Position statement on IKE development

From: Alex Alten <Alten@home.com>

References:

Re: Position statement on IKE development

From: Alex Alten <Alten@home.com>

Prev by Date: Re: Position statement on IKE development
Next by Date: RE: IPSec performance statistics
Prev by thread: Re: Position statement on IKE development
Next by thread: Re: Position statement on IKE development
Index(es):
- Main
- Thread