
Re: Position statement on IKE development




Quoting Marcus, Jeff and Steve:

"The Security Area Directors have asked the IPSEC working group to come
up with a replacement for IKE. This work is underway and is known in
the community as "Son of IKE". "

"If IKE is vulnerable, we must all share a burden of responsibility for
allowing it to get to the state it is in and we must all work together
to correct the problems."

OK. IKE is not technically broken. But it sure sounds like someone
is worried.  Otherwise why bother with a replacement for IKE?

It's rather ironic that the 802.11 wireless key management was broken
just recently as well.

- Alex

At 02:58 PM 8/3/2001 -0700, Dan Harkins wrote:
>On Fri, 03 Aug 2001 11:24:14 PDT you wrote
>> 
>> BTW Henry,
>> 
>> The issue is not that parts of IPsec are superfluous.  
>> 
>> The question is if IKE is broken then is IPsec also broken?  
>> 
>> - Alex
>
>No, of course not. 
>
>And you are assuming that IKE is broken. What has been noted by all the
>analysis mentioned so far is that IKE is too complex to know whether it
>is broken or not. The effort is to make it less complex, get rid of
>unnecessary and unused options, get rid of the inconsistent and sometimes
>contradictory verbiage between the 3 RFCs, and make it a specification of 
>a key management protocol for IPsec and IPsec only instead of the current 
>instantiation (RFC2407) of a protocol framework (RFC2409) of a generic 
>language (RFC2408). 
>
>  Dan.
>
--

Alex Alten

Alten@Home.Com



