[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Just Fast Keying (JFK) draft
On Wed, 28 Nov 2001, Hallam-Baker, Phillip wrote:
> I am somewhat disappointed that there appears to have been almost no
> substantive discussion of JFK on the list. This may indicate that the
> protocol is secure, or it may indicate that nobody has been bothered to read
> it - which given the effort put into previous flames over the subject of
> keying would be somewhat disappointing.
I read the draft, and found it very promising. However, it is difficult
to compare IKEv1/IKEv2 to JFK at this point, because JFK has not been
specified in full detail yet. (I'm referring to implementation
complexity, a security comparison should be possible.)
To compare fairly, a wire format and a definition of the JFK "sa"
payload would be needed. In IKEv2, the SA payload and the traffic
selectors are a major cause of complexity, and thus have to be taken
into account when comparing the two proposals.
-Sami
Follow-Ups:
References: