Re: Simplifying Son of IKE
I think that Nortel Network's Portfolio Integration Network Security
Group misunderstands the scope of the work (and the separation of the
base protocols from key management). None of the son-of-ike work will in
any way impact "backwards compatibility to IPsec". AH and ESP do not know
or care whether the SAs they are using were established by IKE,
son-of-ike, JFK, LBJ or W.
Dan.
On Fri, 24 Aug 2001 11:53:41 EDT you wrote
>
> IETF Ipsec Community:
>
> In the opinion of the Nortel Network's Portfolio Integration Network
> Security Group, the recent push to fully embrace the "son of IKE"
> replacement for IPSec and IKE by the IETF Standards community is a rushed
> judgment meant to fix a problem that does not necessarily exist. The
> Network Security Group understands, but does not fully agree, with the popular
> proposition that IPSec and IKE are too complicated to modify further. For
> those that have used and implemented both of these protocols, we are
> comfortable with implementation and operational results. The proposed "son
> of IKE's" lack of backwards compatibility to IPSec and IKE adds further
> resistance to abandoning these two protocols. Far better if a replacement
> is indeed required, in our opinion, to identify and delete or modify those
> segments of IPSec and IKE that are deemed to be confusing or of limited
> implementation flexibility. In our opinion, it is wiser to simplify rather
> than reject and redo.
>
> Regards,
> Wilson Leung
>
> Wilson Leung, CISSP
> Senior Security Consultant
> Nortel Networks - NGN Security Solutions Team
> 301-570-0966 ESN (451)
> 240-604-4235 Cell
>