[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE

To: Henry Spencer <henry@spsystems.net>
Subject: Re: Simplifying IKE
From: Michael Thomas <mat@cisco.com>
Date: Fri, 10 Aug 2001 02:59:54 -0700 (PDT)
Cc: Jan Vilhuber <vilhuber@cisco.com>, ipsec@lists.tislabs.com
In-Reply-To: <Pine.BSI.3.91.1010809215525.8177D-100000@spsystems.net>
References: <Pine.LNX.4.21.0108091841020.5064-100000@janpc-home.cisco.com><Pine.BSI.3.91.1010809215525.8177D-100000@spsystems.net>
Sender: owner-ipsec@lists.tislabs.com

Henry Spencer writes:
 > > The existence of KINK is another proof. There's obviously people that need
 > > extremely fast and light-weight keying, which KINK (again arguably) provides
 > > (for certain scenarios).
 > 
 > Again, there are people who *think* they need better keying performance,
 > but that doesn't make it true.  (There were a lot of people who thought
 > they needed better data-transfer protocol performance than TCP/IP could
 > deliver.  They put a lot of work into "lightweight" alternatives, most of
 > which are dead and forgotten, superseded by TCP/IP.)

   I don't know how much proof you need. An eight exchange
   setup with the requisite public key operations would
   make IKE an unsuitable alternative for end to end keying
   for, say, SIP traffic where people have built in expectations
   of post dial delay. In fact, even a two message exchange
   with cheap symmetric keying is problematic; there's a lot of
   other baggage than just key agreement when you're trying
   to set up a call.

	  Mike

References:

Re: Simplifying IKE

From: Jan Vilhuber <vilhuber@cisco.com>

Re: Simplifying IKE

From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: Simplifying IKE
Next by Date: Re: Simplifying IKE
Prev by thread: Re: Simplifying IKE
Next by thread: Re: Simplifying IKE
Index(es):
- Main
- Thread