[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: ipsec@lists.tislabs.com
Subject: Re: Simplifying IKE
From: daw@mozart.cs.berkeley.edu (David Wagner)
Date: 8 Aug 2001 07:18:29 GMT
Distribution: isaac
Newsgroups: isaac.lists.ipsec
Organization: University of California, Berkeley
References: <3B709706.4D051BE5@storm.ca>
Sender: owner-ipsec@lists.tislabs.com

Sandy Harris  wrote:
>The Leech, Schiller and Bellovin (LSB?) document mentions:
>> the goal: to produce a more secure, simpler, and more robust version of IKE.
>
>From the Schneier and Ferguson analysis we get:
>> 1: eliminate transport mode
>> 2. eliminate the AH protocol
>> 3. modify ESP to always authenticate [...]
>> 4. modify ESP to ensure it authenticates all data [...]

What do any of those have to do with IKE?  Those are all about
the packet-level format, which has very little to do with IKE, as
far as I can see.

Follow-Ups:

Re: Simplifying IKE

From: Michael Thomas <mat@cisco.com>

References:

Simplifying IKE

From: Sandy Harris <sandy@storm.ca>

Prev by Date: RE: Simplifying IKE
Next by Date: son of IKE
Prev by thread: Re: Simplifying IKE
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread