
Re: [mobile-ip] Re: replacing IPsec's replay protection?



On Tuesday 02 April 2002 20:08, Michael Thomas wrote:
 >
 > If people want a "light weight" keying scheme for
 > IPsec, it should either be pursued in IPsec WG, or
 > through a BOF... As I've mentioned, there are some
 > of our folks who have some interest in this, and
 > their scheme doesn't require per node storage of
 > anything but the key and something akin to the
 > EngineBoots counter in SNMPv3. This would be a
 > much better solution to this problem.

Actually, this is interesting - because indeed there are applications 
and protocols that want to use IPsec for protection, but don't want
to use IKE for key negotiation. For example, SIP would prefer AKA
to arrive at the shared session keys...

My only concern is that the BOF road may take too long.

What would IPSEC WG folks say about a lightweight protocol that has
most of the SA parameters pre-defined (hard-coded), and very few left
for negotiation (the keys, and maybe something else)?
A good question is whether those interested can agree upon such
an arrangement (and if not - then an IKE-like protocol is a must, to offer
negotiation of everything that somebody must have).

Mike, could you put me in touch with those people who are interested?

Thanks!
-- 
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>