
RE: my attitude towards IKEv2



In the spirit of "all working together", the best final son-of-ike will
probably come not from one of the current 3 proposals exclusively, but from
best elements of the three, combined. We ought to take the excellent thinking
done in the proposed works combined to create the best final protocol.
Clearly we will need to use one proposal as the base, but from there we have
the flexibility to cut and paste from the others. This may save turf wars,
and produce better quality for us all.

> -----Original Message-----
> From: Steve Bellovin [mailto:smb@research.att.com]
> Sent: Thursday, December 13, 2001 12:38 PM
> To: ipsec@lists.tislabs.com
> Subject: my attitude towards IKEv2
> 
> 
> There seems to be some confusion about my (personal) attitude towards
> IKEv2 and its creators.  I do not think that it's a bad job, or that
> the work was poorly done, and if I gave anyone the impression that I do
> feel that way, I humbly apologize.
> 
> I think that the authors did a very good job of simplifying a
> too-complex protocol, and a marvelous job of combining three complex
> documents into a single much-simpler document.  Where they and I (and,
> I think, the other JFK designers) differ is in a basic axiom.
> IKEv2 is based on the assumption that as much as possible of the
> current IKE structure (and perhaps code) should be preserved.  I (we)
> don't agree.  In my opinion, we'll end up with a much better result if
> we start with a slate wiped clean except for the lessons we've all
> learned from the failures (and successes) of IKEv1.
> 
> Again, if anyone is offended, I apologize.  I hope we can all work 
> together on the rest of this issue.
> 
> 		--Steve Bellovin, http://www.research.att.com/~smb
> 		Full text of "Firewalls" book now at http://www.wilyhacker.com
> 
>