
Re: Position statement on IKE development



Alex Alten wrote:
>If IKE is no longer considered viable because of its complexity, then
>I am concerned that the other protocols of IPsec are also at risk.

Why?  The packet-level parts of IPsec are much less complex
(and, partially as a result, have received more scrutiny, as
far as I can tell).

>At this point, to restore confidence in the security of the design I 
>would hope that the IETF will retain the services of a quality 
>cryptanalysis consulting firm and publish the results.  To do otherwise
>will be to risk the discrediting of the entire IPsec standard.

I think this is probably unnecessary.  The main thing that deters
analysis from the academics (from the anecdotes I've heard) is the
complexity of IKE.  If this improves, my guess is that you're likely
to receive better cryptanalysis from the community as a whole than
you'd get from a consulting firm.

