Re: Simplifying IKE
They aren't directly related, but their existence
definitely increases complexity of IKE. Unless we
completely change code bases, that may well be
water under the bridge for IKE though.
Mike
David Wagner writes:
> Sandy Harris wrote:
> >The Leech, Schiller and Bellovin (LSB?) document mentions:
> >> the goal: to produce a more secure, simpler, and more robust version of IKE.
> >
> >From the Schneier and Ferguson analysis we get:
> >> 1: eliminate transport mode
> >> 2. eliminate the AH protocol
> >> 3. modify ESP to always authenticate [...]
> >> 4. modify ESP to ensure it authenticates all data [...]
>
> What do any of those have to do with IKE? Those are all about
> the packet-level format, which has very little to do with IKE, as
> far as I can see.