[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Choosing between IKEv2 and JFK

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Choosing between IKEv2 and JFK
From: Henry Spencer <henry@spsystems.net>
Date: Sat, 16 Mar 2002 15:54:42 -0500 (EST)
In-Reply-To: <200203160135.UAA22350@ornavella.watson.ibm.com>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 15 Mar 2002, Ran Canetti wrote:
> Anyway, when deciding between the two protocols for the next generation of
> IKE, it may be good to keep in mind that IKEv1 will most probably be around
> for a while (if not for good), living side-by-side with the next generation. 
> Thus, it may be beneficial to have a next generation protocol that best 
> matches the scenarios that IKEv1 doesnt...

That depends on whether we think of the new protocol as a supplement to
IKEv1, or as something that will slowly replace it. 

I don't believe there would be nearly this level of interest in adding yet
another keying protocol *beside* IKEv1.  The intent is definitely to
*replace* IKEv1.  The fact that there will inevitably be a lengthy
transition period should not be confused with an intention for the two to
coexist indefinitely. 

Therefore, if a particular candidate is poor at handling some scenarios
that IKEv1 handles well, that *is* definitely a point against it.  Perhaps
not a fatal flaw, depending on details, but definitely a disadvantage.

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- Re: Choosing between IKEv2 and JFK
  - From: Ran Canetti <canetti@watson.ibm.com>

Prev by Date: Re: Comment on draft-ike-implementation regarding nonce size
Next by Date: Re: Comment on draft-ike-implementation regarding nonce size
Prev by thread: Re: Choosing between IKEv2 and JFK
Next by thread: Re: Choosing between IKEv2 and JFK
Index(es):
- Date
- Thread