
Re: Just Fast Keying (JFK) draft



Roy!
I agree that changes to IKE are not just justified but essential!
The difference between IKEv2, IKE-SIGMA and JFK is that the first two enable
IKE code re-use, while JFK doesn't!
 Sara
----- Original Message -----
From: Kopeikin, Roy A (Roy) <rkopeikin@lucent.com>
To: Sara Bitan <sarab@cs.technion.ac.il>; sami.vaarala <sva@netseal.com>;
David Wagner <daw@mozart.cs.berkeley.edu>
Cc: 'Steven M. Bellovin' <smb@research.att.com>;
<alexey.vyskubov@nokia.com>; <ipsec@lists.tislabs.com>; Hallam-Baker,
Phillip <pbaker@verisign.com>
Sent: Thursday, November 29, 2001 9:23 PM
Subject: RE: Just Fast Keying (JFK) draft


> Sara,
> For IPsec to be more widely used some changes to IKE are probably
> justified.
> Perhaps we can resolve this by picking out the best parts of the current
> proposals, considering:
>  - JFK re-keying algorithm
>  - advantage or not of SIGMA 2-way vs 3-way handshake
>  - review JFK vs IKEv2 proposals for SA policy management and distribution
>
> Roy
>
> -----Original Message-----
> From: Sara Bitan [mailto:sarab@cs.Technion.AC.IL]
> Sent: Thursday, November 29, 2001 10:42 AM
> To: sami.vaarala; David Wagner
> Cc: 'Steven M. Bellovin'; alexey.vyskubov@nokia.com;
> ipsec@lists.tislabs.com; Hallam-Baker, Phillip
> Subject: Re: Just Fast Keying (JFK) draft
>
>
> Sami!
> I agree with you. We have to compare two fully specified protocols to find
> out if one of them is _significantly_ simpler than the other.
>
> David!
> You said that "IKE has always scared me with its complexity, so I am
> warmly supportive of simplification efforts in this area." Did you look
> at IKEv2, or at IKE-SIGMA?
> Both drafts suggest major changes to IKEv1, and I think they are both
> considerably less complex. What do you think?
>
> As a person who invested a lot in IKE implementation and interoperability
> till we brought IKEv1 to its maturity, I think we should make sure that a
> totally new key management protocol will be either
> _significantly_ more secure, or
> _significantly_ simpler, or
> answers requirements that are not answered by the two proposals to a new
> version of IKE.
>
> Before we launch this new adventure of inventing, implementing and
> bringing a new key management to its maturity (it took us five years
> last time we did it - yes I know you'll say that IKEv1 is complex;-) )
> we must have very good reasons to do it, and I don't think we have them.
>
>  Sara.
>
>
>
> ----- Original Message -----
> From: sami.vaarala <sva@netseal.com>
> To: Hallam-Baker, Phillip <pbaker@verisign.com>
> Cc: 'Steven M. Bellovin' <smb@research.att.com>;
> <alexey.vyskubov@nokia.com>; <ipsec@lists.tislabs.com>
> Sent: Wednesday, November 28, 2001 7:21 PM
> Subject: RE: Just Fast Keying (JFK) draft
>
>
> >
> > On Wed, 28 Nov 2001, Hallam-Baker, Phillip wrote:
> >  > I am somewhat disappointed that there appears to have been almost no
> >  > substantive discussion of JFK on the list. This may indicate that the
> >  > protocol is secure, or it may indicate that nobody has been bothered
> >  > to read it - which given the effort put into previous flames over the
> >  > subject of keying would be somewhat disappointing.
> >
> > I read the draft, and found it very promising.  However, it is difficult
> > to compare IKEv1/IKEv2 to JFK at this point, because JFK has not been
> > specified in full detail yet.  (I'm referring to implementation
> > complexity, a security comparison should be possible.)
> >
> > To compare fairly, a wire format and a definition of the JFK "sa"
> > payload would be needed.  In IKEv2, the SA payload and the traffic
> > selectors are a major cause of complexity, and thus have to be taken
> > into account when comparing the two proposals.
> >
> > -Sami
> >


