
Re: Simplifying IKE




They aren't directly related, but their existence
definitely increases the complexity of IKE. Unless we
completely change code bases, that may well be
water under the bridge for IKE though.

	    Mike

David Wagner writes:
 > Sandy Harris wrote:
 > >The Leech, Schiller and Bellovin (LSB?) document mentions:
 > >> the goal: to produce a more secure, simpler, and more robust version of IKE.
 > >
 > >From the Schneier and Ferguson analysis we get:
 > >> 1: eliminate transport mode
 > >> 2. eliminate the AH protocol
 > >> 3. modify ESP to always authenticate [...]
 > >> 4. modify ESP to ensure it authenticates all data [...]
 > 
 > What do any of those have to do with IKE?  Those are all about
 > the packet-level format, which has very little to do with IKE, as
 > far as I can see.

