[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE



Ari Huttunen writes:
 > Thus my preference would be to have a four packet phase 1 (base mode) and
 > a four packet quick mode.

   Gad. Doesn't anybody care about link up times??? There
   a lots of things which are quite sensitive
   (user experiencewise) to startup delay. Just
   this amount of signaling would be enough to
   dissuade anybody from casually using IKE for,
   oh say, transport mode, and would be pretty
   sucky for everything else too. As Jari points
   out, there are plenty of link layers that
   punish you for these kinds of excesses.

   Also: it needs to be said that the when
   security flies in the face usability, it is
   well documented which one is jettisoned...

		   Mike


Follow-Ups: References: