IETF Ipsec Community:
In the opinion of the Nortel Network's Portfolio Integration Network Security Group, the recent push to fully embrace the "son of IKE" replacement for IPSec and IKE by the IETF Standards community is a rushed judgment meant to fix a problem that does not necessarily exist. The Network Security Group understands, but does not fully agree, with popular proposition that IPSec and IKE are too complicated to modify further. For those that have used and implemented both of these protocols, we are comfortable with implementation and operational results. The proposed "son of IKE's" lack of backwards compatibility to IPSec and IKE add further resistance to abandoning these two protocols. Far better if a replacement is indeed required, in our opinion, to identify and delete or modify those segments of IPSec and IKE that are deemed to be confusing or of limited implementation flexibility. In our opinion, it is wiser to simplify rather than reject and redo.
Regards,
Wilson Leung
Wilson Leung, CISSP
Senior Security Consultant
Nortel Networks - NGN Security Solutions Team
301-570-0966 ESN (451)
240-604-4235 Cell