[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IKE must have no Heirs
Steve,
The fact that IPSEC has only gained widespread acceptance in the VPN
market and is not being employed for its intended purpose, the fact that
five years after the event the group is under an IESG injunction to get its
act together suggest to me that those who were immediately responsible for
the current situation should not be so openly contemptious and dismissive of
those who might have useful ideas on how to remedy the current situation.
I do not much care for the history of the internal politics of any
IETF group, let alone the personal campaign stories of the combatants in the
IKE vs SKIP wars. Nor for that matter am I as you suggest 'fond of SKIP',
rather I have an aversion to a specification that introduces nine separate
protocols for performing a simple key exchange.
Phill
Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227
> -----Original Message-----
> From: Stephen Kent [mailto:kent@bbn.com]
> Sent: Wednesday, August 15, 2001 3:41 PM
> To: Hallam-Baker, Phillip
> Cc: ipsec@lists.tislabs.com
> Subject: RE: IKE must have no Heirs
>
>
> At 8:20 AM -0700 8/15/01, Hallam-Baker, Phillip wrote:
> > > SKIP was a poor choice for any long-lived SA, because SKIP forced
> >> every packet to carry SA state information in lieu of
> exchanging SA
> >> establishment messages.
> >
> >I see no reason why that specific problem could not have been fixed.
> >If you have a securely established shared secret that is
> securely bound
> >to a shared context there should be no per packet state requirement.
>
> Phil,
>
> You seem to be confusing the name of a protocol, and your apparent
> fondness for it, with the details that define that protocol. I don't
> recall your participation in IPsec WG activities during the time that
> the SKIP vs. IKE war took place, so perhaps your understanding of the
> history here is not so precise.
>
> Steve
>
Phillip
Follow-Ups: