Re: SOI QUESTIONS: 2.3 Authentication styles
On Tue, Jun 18, 2002 at 09:08:57PM -0400, Uri Blumenthal wrote:
> On Tuesday 18 June 2002 20:14, Theodore Ts'o wrote:
> > The fact that there is an IPSRA working group is a fairly strong
> > argument that remote-access specific functionality should be handled
> > by another protocol. This would also have the advantage of keeping
> > the core key management protocol small, ........
>
> I strongly disagree with the last statement, and consider it
> technically incorrect. Remote access does not add perceptible overhead
> (unless you want to first retrieve your PK and then run a "normal" key
> exchange, but leave out how practical it is. Suffices to say that
> "legacy auth" today fits well enough into the standard IKE).
The overhead I was referring to here is protocol complexity overhead
and implementation size overhead. The latter can be solved by making
the legacy/remote access features optional, although that doesn't help
the protocol complexity issue.
- Ted