[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Simplifying IKE
Henry Spencer writes:
> > The existence of KINK is another proof. There's obviously people that need
> > extremely fast and light-weight keying, which KINK (again arguably) provides
> > (for certain scenarios).
>
> Again, there are people who *think* they need better keying performance,
> but that doesn't make it true. (There were a lot of people who thought
> they needed better data-transfer protocol performance than TCP/IP could
> deliver. They put a lot of work into "lightweight" alternatives, most of
> which are dead and forgotten, superseded by TCP/IP.)
I don't know how much proof you need. An eight exchange
setup with the requisite public key operations would
make IKE an unsuitable alternative for end to end keying
for, say, SIP traffic where people have built in expectations
of post dial delay. In fact, even a two message exchange
with cheap symmetric keying is problematic; there's a lot of
other baggage than just key agreement when you're trying
to set up a call.
Mike
References: