
Re: Just Fast Keying (JFK) draft



Sami!
I agree with you. We have to compare two fully specified protocols to find
out if one of them is _significantly_ simpler than the other.

David!
You said that "IKE has always scared me with its complexity, so I am warmly
supportive of simplification efforts in this area." Did you look at IKEv2,
or at IKE-SIGMA?
Both drafts suggest major changes to IKEv1, and I think they are both
considerably less complex. What do you think?

As a person who invested a lot in IKE implementation and interoperability
till we brought IKEv1 to its maturity,  I think we should make sure that a
totally new key management protocol will be either
_significantly_ more secure, or
_significantly_ simpler, or
answers requirements that are not answered by the two proposals to a new
version of IKE.

Before we launch this new adventure of inventing, implementing and bringing
a new key management to its maturity (it took us five years last time we did
it - yes I know you'll say that IKEv1 is complex;-) ) we must have very good
reasons to do it, and I don't think we have them.

 Sara.



----- Original Message -----
From: sami.vaarala <sva@netseal.com>
To: Hallam-Baker, Phillip <pbaker@verisign.com>
Cc: 'Steven M. Bellovin' <smb@research.att.com>;
<alexey.vyskubov@nokia.com>; <ipsec@lists.tislabs.com>
Sent: Wednesday, November 28, 2001 7:21 PM
Subject: RE: Just Fast Keying (JFK) draft


>
> On Wed, 28 Nov 2001, Hallam-Baker, Phillip wrote:
>  > I am somewhat disappointed that there appears to have been almost no
>  > substantive discussion of JFK on the list. This may indicate that the
>  > protocol is secure, or it may indicate that nobody has been bothered to
>  > read it - which given the effort put into previous flames over the
>  > subject of keying would be somewhat disappointing.
>
> I read the draft, and found it very promising.  However, it is difficult
> to compare IKEv1/IKEv2 to JFK at this point, because JFK has not been
> specified in full detail yet.  (I'm referring to implementation
> complexity, a security comparison should be possible.)
>
> To compare fairly, a wire format and a definition of the JFK "sa"
> payload would be needed.  In IKEv2, the SA payload and the traffic
> selectors are a major cause of complexity, and thus have to be taken
> into account when comparing the two proposals.
>
> -Sami
>


