Re: SOI QUESTIONS: 2.3 Authentication styles



On Tue, Jun 18, 2002 at 09:08:57PM -0400, Uri Blumenthal wrote:
> On Tuesday 18 June 2002 20:14, Theodore Ts'o wrote:
> > The fact that there is an IPSRA working group is a fairly strong
> > argument that remote-access specific functionality should be handled
> > by another protocol.  This would also have the advantage of keeping
> > the core key management protocol small, ........
> 
> I strongly disagree with the last statement, and consider it 
> technically incorrect. Remote access does not add perceptible overhead 
> (unless you want to first retrieve your PK and then run a "normal" key 
> exchange, but leave out how practical it is. Suffices to say that
> "legacy auth" today fits well enough into the standard IKE).

The overhead I was referring to here is protocol complexity overhead
and implementation size overhead.  The latter can be solved by making
the legacy/remote access features optional, although that doesn't help
the protocol complexity issue.

						- Ted