my attitude towards IKEv2

There seems to be some confusion about my (personal) attitude towards
IKEv2 and its creators. I do not think that it's a bad job, or that
the work was poorly done, and if I gave anyone the impression that I do
feel that way, I humbly apologize.

I think that the authors did a very good job of simplifying a
too-complex protocol, and a marvelous job of combining three complex
documents into a single much-simpler document. Where they and I (and,
I think, the other JFK designers) differ is in a basic axiom.

IKEv2 is based on the assumption that as much as possible of the
current IKE structure (and perhaps code) should be preserved. I (we)
don't agree. In my opinion, we'll end up with a much better result if
we start with a slate wiped clean except for the lessons we've all
learned from the failures (and successes) of IKEv1.

Again, if anyone is offended, I apologize. I hope we can all work
together on the rest of this issue.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com