
Re: Simplifying IKE



On Thu, 9 Aug 2001, Henry Spencer wrote:

> On Thu, 9 Aug 2001, Jan Vilhuber wrote:
> > I don't much like making a middle-of-the-road protocol. We just had one.
> 
> No, we had a cover-the-whole-road-with-a-thousand-vague-options protocol. 
> It's not the same thing. 
> 
Sigh.. I believe we're actually arguing more or less the same thing, but with
differing degrees.

You're saying satisfy 90%. Personally, I wonder if there IS a 90% in the
ipsec WG. I've yet to see more than, say (making this up now for dramatic
effect) 20% of the people agree on any particular thing.

I say let's figure out the camps, and write a protocol that satisfies ONE of
the camps (and later we'll write another that satisfies the other, if they
decide there's still a need to do so).

A straw-poll should quickly show if there's a 90% that agree on something in
this group. If so, we'll obviously do what you propose. If not, we'll wind
up doing what I propose (in some way).

As for middle-of-the-road, I fear that it'll be so-so at everything, and not
very good at anything at all (design by committee. It's one of the few things
I DID agree with in the Schneier paper). That'll just prompt people to ignore
it altogether and write their own. I much prefer to write out the
requirements fairly (but not too, and there's the rub) narrow, and write the
darn protocol. People will then know what it's good for and what it's NOT
good for, and hopefully not come whining about 'oh no.. not IKE' again (you
can't imagine how many meetings and discussions I've heard that).

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847


