[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IKE must have no Heirs

To: "Hallam-Baker, Phillip" <pbaker@verisign.com>, "'Stephen Kent'" <kent@bbn.com>, "Hallam-Baker, Phillip" <pbaker@verisign.com>
Subject: RE: IKE must have no Heirs
From: Alex Alten <Alten@home.com>
Date: Wed, 15 Aug 2001 18:49:01 -0700
Cc: ipsec@lists.tislabs.com
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F4058696E8@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

Ahh...this takes me back to my fading memories of the Secure 
SNMP War back in '96, i.e the SNMPv2 WG.  :-}

- Alex

At 01:30 PM 8/15/2001 -0700, Hallam-Baker, Phillip wrote:
>Steve,
>
>	The fact that IPSEC has only gained widespread acceptance in the VPN
>market and is not being employed for its intended purpose, the fact that
>five years after the event the group is under an IESG injunction to get its
>act together suggest to me that those who were immediately responsible for
>the current situation should not be so openly contemptious and dismissive of
>those who might have useful ideas on how to remedy the current situation.
>
>	I do not much care for the history of the internal politics of any
>IETF group, let alone the personal campaign stories of the combatants in the
>IKE vs SKIP wars. Nor for that matter am I as you suggest 'fond of SKIP',
>rather I have an aversion to a specification that introduces nine separate
>protocols for performing a simple key exchange.
>
>		Phill
>
>
>Phillip Hallam-Baker FBCS C.Eng.
>Principal Scientist
>VeriSign Inc.
>pbaker@verisign.com
>781 245 6996 x227
>
>
>> -----Original Message-----
>> From: Stephen Kent [mailto:kent@bbn.com]
>> Sent: Wednesday, August 15, 2001 3:41 PM
>> To: Hallam-Baker, Phillip
>> Cc: ipsec@lists.tislabs.com
>> Subject: RE: IKE must have no Heirs
>> 
>> 
>> At 8:20 AM -0700 8/15/01, Hallam-Baker, Phillip wrote:
>> >  > SKIP was a poor choice for any long-lived SA, because SKIP forced
>> >>  every packet to carry SA state information in lieu of 
>> exchanging SA
>> >>  establishment messages.
>> >
>> >I see no reason why that specific problem could not have been fixed.
>> >If you have a securely established shared secret that is 
>> securely bound
>> >to a shared context there should be no per packet state requirement.
>> 
>> Phil,
>> 
>> You seem to be confusing the name of a protocol, and your apparent 
>> fondness for it, with the details that define that protocol.  I don't 
>> recall your participation in IPsec WG activities during the time that 
>> the SKIP vs. IKE war took place, so perhaps your understanding of the 
>> history here is not so precise.
>> 
>> Steve
>> 
>
>
>Attachment Converted: "d:\eudora\attach\Phillip Hallam-Baker (E-mail)15.vcf"
>
--

Alex Alten

Alten@Home.Com

References:

RE: IKE must have no Heirs

From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: RE: [Design] Re: Wes Hardaker: opportunistic encryption deploymen t problems
Next by Date: RE: IKE must have no Heirs
Prev by thread: RE: IKE must have no Heirs
Next by thread: RE: IKE must have no Heirs
Index(es):
- Main
- Thread