
Re: Position statement on IKE development



> Let's hold an international design competition to select a key 
> management protocol for IPSec in a manner similar to how NIST did
> the AES selection (although I hope it takes less than 5 years).
> Once we get to a final 5, then let's cryptanalyze them and select
> the best one.  In this manner hopefully we can avoid a 2nd debacle.
> 

In practice, such a competition is being held every day in the offices of
customers. The problem is that the contenders are proprietary versions of
IKE (IKE's evil sisters), that there is no cryptanalysis available, and
that the decision criteria and selection are not openly discussed. 

I can state from experience that the "Cinderella IKE" that we now seek to
shelter rarely wins these private beauty contests against the evil
sisters. This is, in part, because it is not a good match to customer
requirements such as the need for NAT friendliness and a viable
shared-secret authentication mode. 

It seems to me that unless we can find a "glass slipper" for Cinderella
IKE, it will languish as the evil sisters grow stronger and more
popular. While we might not like this outcome, or feel that it is "right",
the evidence is too strong to ignore. Cinderella IKE just isn't being
invited to the ball. 


