
Re: SOI QUESTIONS: 2.3 Authentication styles



At 8:32 AM -0700 6/21/02, Chinna N.R. Pellacuru wrote:
>Steve,
>
>If you think the RFC 2401 issue that you bring up is a technical reason
>for rejecting L2TP+IPsec, think again.
>
>For the benefit of people who didn't go through this discussion I would
>like to say that, IMHO, this issue of RFC 2410 and L2TP+IPsec not being
>able to mandate 'static packet filtering', is not only NOT a technical
>issue, but also the most absurd issue that we (all supporters of
>L2TP+IPsec) had to put up with, in the discussion. It should be amply
>clear to anyone who is reading this thread that there is no consistency in
>Steve's argument.
>
>Of course there are always some people who want to take credit for
>everything, and even take credit for the fact that something useful was
>rejected!
>
>We had so much of technical discussion, but in the end, it just felt like
>there was any technical reason that we did not address. We may not have
>had the moral majority, but a lot of stuff that goes on here doesn't have
>it too.
>
>I think, RFC 2401 is the single biggest hurdle for IPsec technology. How
>can we document 'IPsec architecture' in a single document 5 years ago.
>IPsec is being used in so many different scenarios, and in so many
>different and creative ways. To think that we can provide so much useless
>information in an RFC, and still make it useful is beyond me. I generally
>advise people who want to start on IPsec to just skip RFC 2401, and come
>back to it only after they know IPsec a little bit, so that they can weed
>out the useless stuff efficiently. I think the duality of this WG, not
>being able to decide whether 'remote access' belongs here or not, is
>somewhat due to our closed definition of 'IPsec architecture'.
>
>     chinna

I hope few people take any advice from you, given the above 
exhortation to create non-compliant implementations.

There is a disturbing trend in your messages, which I expect most 
list members have noted as well. You begin to raise technical issues, 
but when the claims are challenged or the assertions refuted, you 
transition to different arguments, never fully responding to the 
original challenges or rebuttals. This may be a good debate technique 
before a naive audience, but it fails for a technical audience such 
as this mailing list.

Steve