
Re: Simplifying IKE





Henry Spencer writes:
 > On Fri, 10 Aug 2001, Michael Thomas wrote:
 > >  > No; belief and reality *are* different.  The way you tell the difference
 > >  > is to design and build a decent-but-not-all-things-to-all-people solution,
 > >  > and listen to see if the outraged screams and angry grumbling slowly die 
 > >  > away.
 > > 
 > >    Ah, the beloved OS vendor to the masses stance.
 > 
 > No, actually, the Unix/TCP-IP/C stance.  Build a decent general-purpose
 > solution, and most of the people who were complaining about needing custom
 > solutions will discover that general-purpose solutions really are good
 > enough for them after all. 
 > 
 > Of course, if instead you build a crappy general-purpose solution, this
 > will just reinforce their belief that they need custom solutions.

   The general unix philosophy is to build small building
   blocks which can be bolted together too instead of 
   overarching "solutions" (what was the problem again?).
   Not directly related here, but I think that what needs
   to be kept in mind here is that assumptions about VPN-like
   scenarios and their timing requirements are not necessarily
   good ones. Ideally, we'd have a base level exchange which
   is lightweight which can be used in conjunction with something
   else if the base mechanism doesn't provide all the required
   functionality. This way, the people who don't care about the
   extended functionality don't get it shoved down their throats.
   And I'd say an 8 message exchange just to talk
   to your opportunistically encrypted name-the-application-service
   is pretty obnoxiously overweight (talk about slow-start!).

	     Mike

