
Re: One base SOI ID? Humm



before starting a poll to make one SOI or not,
could we make the goal or the purpose of SOI as the IPsec WG?
the purpose of SOI, of course, is to establish SA.
i mean, for example, nowadays, there are several KMPs.
they state their own goals.

KINK is designed to establish SA with low computational cost
within a centrally managed environment.
KINK draft draft-ietf-kink-kink-02.txt states:
   The performance goals of the protocol are to incur a low computational
   cost, to have low latency, to have a small footprint, and to avoid or
   minimize the use of public key operations.

MIKEY is designed to establish SA between real-time multimedia
applications. MIKEY draft draft-ietf-msec-mikey-03.txt states:
   The focus is on how to set up key management for secure multimedia
   sessions such that requirements in a heterogeneous environment
   are fulfilled.

JFK also states the design goals in its drafts.  i believe one
important thing is "simplicity".

only IKEv2 seems not to state its goals.  in fact, the IKEv2 draft has
a section describing the goal in draft-ietf-ipsec-ikev2-02.txt.
but it is a different point from the goals stated by the above three KMPs.

my impression is that those who each have their own scenario have required
several proposals to SOI.  it will cause SOI to become fatty.

to make the goal of SOI as the IPsec WG, we already have a hint in
section 9 of draft-ietf-ipsec-soi-features-01.txt.
it categorizes features in the IKE requirements.

	1 Virtual Private Network Site-to-Site Tunnels
	2 Secure Remote Access
	3 End-to-End Security
	4 IP Storage
	5 PPVPN/MPLS

a fatty SOI could deal with all of them.  but such an SOI would have
some issues after fall.

i personally think that some key exchange protocols can be allowed
to exist in the internet.  if we would have some KMPs, then SOIs would
probably be simple and be published to the internet quickly.
OR if the goal of SOI in the IPsec WG would be a more secure, more robust
and all-in-one protocol, then we could have a simpler KMP like JFK until
a new SOI would be published.

//shoichi sakane