my attitude towards IKEv2



There seems to be some confusion about my (personal) attitude towards 
IKEv2 and its creators.  I do not think that it's a bad job, or that 
the work was poorly done, and if I gave anyone the impression that I do 
feel that way, I humbly apologize.

I think that the authors did a very good job of simplifying a 
too-complex protocol, and a marvelous job of combining three complex 
documents into a single much-simpler document.  Where they and I (and, 
I think, the other JFK designers) differ is in a basic axiom.  
IKEv2 is based on the assumption that as much as possible of the 
current IKE structure (and perhaps code) should be preserved.  I (we) 
don't agree.  In my opinion, we'll end up with a much better result if 
we start with a slate wiped clean except for the lessons we've all 
learned from the failures (and successes) of IKEv1.

Again, if anyone is offended, I apologize.  I hope we can all work 
together on the rest of this issue.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com