
Re: Son-of-IKE Performance



In message <001a01c17f9b$6d251610$1e72788a@andrewk3.ca.newbridge.com>, "Andrew 
Krywaniuk" writes:
>> But those details are not nearly as controversial as JFK vs.
>> IKEv2 vs.
>> SIGMA vs. XKASS, and not even as controversial as the requirements on
>> which we'll base that choice.  This is, I think, obvious to
>> everyone.
>> Why are you beating on this point?  Is there anyone here, with the
>> possible exception of you, who thinks that this is the
>> crucial criterion
>> on which the WG is going to decide among the different proposals?
>
>It is a little misleading for a protocol which is being presented as the
>'simple alternative' to omit many of the so-called minor details. I
>personally doubt that the cryptographic framework will really be the deciding
>factor in which protocol advances. It might make the difference between
>IKEv2 and SIGMA, but not JFK. JFK is not just a key exchange protocol; it's
>a political movement.
>
>Here's a question. Have the authors of JFK given any thought to how (if?)
>they will incorporate NAT-traversal? With IKEv2, the already completed
>drafts from IKEv1 can be presumably carried forward.

JFK doesn't rely on IP addresses at all -- it can pass through NATs 
just fine.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com



