RE: Son-of-IKE Performance

["Hallam-Baker, Phillip" <pbaker@verisign.com>]

Let us leave such discussions to the point where we have selected an
algorithm to implement.

My reason for calling foul was that an argument was made on 
performance grounds, not on the grounds that the specification 
is incomplete.

We know that the specifications are incomplete. Those contributing
to the discussion are all capable of filling in the abstracted 
elements.

As it happens XKASS is faster than JFK, SIGMA or IKE, using fewer
round trips and fewer cryptographic operations.

		Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Henry Spencer [mailto:henry@spsystems.net]
> Sent: Friday, December 07, 2001 4:27 PM
> To: IP Security List
> Subject: Re: Son-of-IKE Performance 
> 
> 
> On Fri, 7 Dec 2001, Dan Harkins wrote:
> >   My point is that just saying "by obvious means" is not 
> good enough.
> > After seeing how emminently reasonable people interpreted 
> "by obvious
> > means" differently during implementation of RFC2409 I think it is
> > necessary to explain the means exactly.
> 
> I concur.  One thing that all too many IETF protocols suffer 
> from is the
> inability to produce a fully interoperable implementation 
> solely from the
> documents, without relying on a body of folklore to fill in details.
> 
>                                                           
> Henry Spencer
>                                                        
> henry@spsystems.net
>

Phillip

---

Follow-Ups:

• Re: Son-of-IKE Performance
• From: Eric Rescorla <ekr@rtfm.com>

---

• Prev by Date: RE: Please save the pre-shared key mode
• Next by Date: Re: Please save the pre-shared key mode
• Prev by thread: Re: Son-of-IKE Performance
• Next by thread: Re: Son-of-IKE Performance
• Index(es):
  • Main
  • Thread