
RE: IKE must have no Heirs



 > 
 > So, what do we propose to those that are using IKE right now (like
 > customers). Oops, sorry, it's too complex. Maybe next time?
 >

This is precisely why many vendors will probably not move to a simplified
IKE implementation that adds no new features.  Once the vendors have been
through the pain of getting the interoperability issues resolved, why would
they attempt to cut out major sections of working code?  IMHO, the only
group that a simplified IKE implementation helps is vendors looking to
deploy their first implementation of IKE.  If the simplified IKE also added
some critical new features which many vendors have already deployed
proprietary solutions for (NAT traversal, user authentication, keepalives,
etc.) then vendors might have some motivation to re-code existing
implementations with a new standardized version.
  
 > I suggest that we look at the documents that describe the improvements, and
 > ask the implementors (the ones confused by the complexity) how the standards
 > body can work to make their job easier (A clearly defined state machine
 > would be nice, with less SHOULDs and more MUSTs).
 > 
 > Also, any changes should keep in mind an easy transition to "Son of Ike" so
 > that deploying the less complex version of IKE, does not create more
 > complexity.
 > 

I think users will only deploy Son of IKE if it solves all the open
requirements, not if it just simplifies IKE and adds a single feature like
NAT traversal.  There seems to be a big rift between what the IPSEC and
IPSRA WGs are doing, and what the vendors are doing on their own.

Mike Horn

 > Scott
 > ----- Original Message -----
 > From: "Alex Alten" <Alten@home.com>
 > To: "Chris Trobridge" <CTrobridge@baltimore.com>
 > Cc: <ipsec@lists.tislabs.com>
 > Sent: Tuesday, August 07, 2001 2:05 AM
 > Subject: RE: IKE must have no Heirs
 > 
 > 
 > > Think about it.  Do you do OSPF over IP and then BGP over UDP?
 > > The same applies to IPSEC and key management.
 > >
 > > - Alex
 > >
 > > At 09:22 AM 8/7/2001 +0100, Chris Trobridge wrote:
 > > >
 > > >
 > > >> -----Original Message-----
 > > >> From: Alex Alten [mailto:Alten@home.com]
 > > >> Sent: 07 August 2001 08:28
 > > >> To: Kory Hamzeh; Hallam-Baker, Phillip
 > > >> Cc: 'mcnelson@mindspring.com'; ipsec@lists.tislabs.com
 > > >> Subject: Re: IKE must have no Heirs
 > > >>
 > > >>
 > > >>
 > > >> I second the motion. And also propose no port number (i.e. do the new
 > > >> one over raw IP).
 > > >>
 > > >> - Alex
 > > >
 > > >What would that achieve? (communicating over raw IP)
 > > >
 > > >Chris
 > > >
 > > >
 > >
 > > >
 > > --
 > >
 > > Alex Alten
 > >
 > > Alten@Home.Com
 > >
 > >
 > 


