[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE must have no Heirs

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: RE: IKE must have no Heirs
From: Stephen Kent <kent@bbn.com>
Date: Tue, 14 Aug 2001 20:14:32 -0400
Cc: "'Dan Harkins'" <dharkins@lounge.org>, Alex Alten <Alten@home.com>, Kory Hamzeh <kory@avatar.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'mcnelson@mindspring.com'" <mcnelson@mindspring.com>, ipsec@lists.tislabs.com
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F40154CA51@vhqpostal.verisign.com>
References: <2F3EC696EAEED311BB2D009027C3F4F40154CA51@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

At 8:56 AM -0700 8/7/01, Hallam-Baker, Phillip wrote:
>Dan,
>
>It has been somewhat difficult for anyone in the IETF security area in the
>past dacade not to become familliar with the internal machinations of the
>IPSEC group.
>
>I would like something no more complex than SKIP that used RSA or DSA.
>
>In 1995 SKIP would have been the right move. At this point to go forward
>there has to at least be compatibility with the keying material that is
>already distributed.

SKIP was a poor choice for any long-lived SA, because SKIP forced 
every packet to carry SA state information in lieu of exchanging SA 
establishment messages.

Steve

References:

RE: IKE must have no Heirs

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: Re: Traffic handling and key management "divide and coquer"
Next by Date: RE: Simplifying IKE
Prev by thread: RE: IKE must have no Heirs
Next by thread: RE: IKE must have no Heirs
Index(es):
- Main
- Thread