[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: compare-jfk-sigma.txt

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: compare-jfk-sigma.txt
From: Henry Spencer <henry@spsystems.net>
Date: Fri, 7 Dec 2001 17:47:02 -0500 (EST)
In-Reply-To: <200112052312.fB5NC5I00906@marajade.sandelman.ottawa.on.ca>
Sender: owner-ipsec@lists.tislabs.com

On Wed, 5 Dec 2001, Michael Richardson wrote:
>   I frankly think that we need a lot more policy to be communicated (both
> negotiation style and agreement style).	
>   If you feel that this belongs in another protocol, I won't argue with that.
> But, I strongly think that it must exist.

Agreed.

IKE has been successful partly because it does meet this need, in a
half-baked and sometimes-inadequate way.

It is not unreasonable to argue that it should be in a separate protocol.
But it *is* unreasonable to argue that it should be in a separate protocol
*which is to be defined later*.  If you want this taken out of son-of-IKE,
you need to specify how the functionality is to be replaced.  That means a
protocol spec, not just a promise to write one someday.

Personally I see no particular need to separate the two, and much harm
that might result.  I think this notion comes from the peculiar world-view
of PFKEY, which solves half the problem and pretends that the other half
doesn't exist.  Yes, it makes the world simpler, but...

                                                          Henry Spencer
                                                       henry@spsystems.net

References:

Re: compare-jfk-sigma.txt

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: RE: Please save the pre-shared key mode
Next by Date: RE: Please save the pre-shared key mode
Prev by thread: Re: compare-jfk-sigma.txt
Next by thread: Re: compare-jfk-sigma.txt
Index(es):
- Main
- Thread