[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Choosing between IKEv2 and JFK



Ran Canetti wrote:
> In a nutshell, the JFK approach prefers a lean and simple protocol, that is
> easier to code, deploy, and analyze, at the price of somewhat limited
> functionality. IKEv2 maintains more of the functionality of IKEv1, at the
> price of additional complexity...........
> There are scenarios where each protocol fares better than the other.

Precisely.

> Anyway, when deciding between the two protocols for the next generation of
> IKE, it may be good to keep in mind that IKEv1 will most probably be around
> for a while (if not for good), living side-by-side with the next generation.

The stated goal was to come up with a protocol to REPLACE the existing
IKE,
rather than to supplement it.

> Thus, it may be beneficial to have a next generation protocol that best
> matches the scenarios that IKEv1 doesnt.

Not UNLESS this next generation protocol ALSO best matches the
scenarios that IKEv1 does [and that turned out useful :-]. For
the above reason. [And if people think that those "unmatched" 
scenarios are necessary.]


> Here it seems to me that JFK provides a good complement to IKEv1....

Ran, but we weren't seeking a complement! Rather a replacement.
--
Regards,
Uri
-=-=-=<>=-=-
<Disclaimer>