
Re: [saag] No need for SHA-2 Packet Authentication - Open Letter to the WG and Area Directors




On Thursday, July 18, 2002, at 01:39 AM, Russell Dietz wrote:
> I totally agree that the Internet tradition of allowing individuals to
> publish work should continue unchanged.  I apologize if I gave off that
> impression in our note.  That was not the intent.  We need 'optional'
> features to be made available to the Internet community in order to allow
> for potential coordinated field 'trials' and interoperability.

Thank you for that clarification.

> The facts around this draft are that it was added to the charter of the
> IPSec WG as part of the AES cipher support effort.  (It is a WG draft!) That
> linkage has caused misinformation in the original draft to become perceived
> as pseudo-requirements.  The general issue of WG drafts and the connection
> between this draft and the AES/FIPS 180-2 effort have created a great deal
> of confusion at some of the implementers.
>
> So... the concern is the linkage and the request by the user community for
> implementation as it is 'going to be a standard soon...'

IETF is not the only standards-body existing.  In particular, the US
Government's standards (e.g. FIPS) in fact are going to be (or already are;
I'm not 100% current on where NIST stands with this) requiring this hash
along with AES for USG applications -- regardless of what the IETF decides
should be in its Internet Standards-track specification set.

So, purely speaking as a capitalist, if I were a vendor that planned to sell
an IPsec-based product to the USG (not a small market and their checks
don't bounce), I would want to implement this spec without regard to whether
the IETF chose to make it an Internet Standards-track specification.[1]

Now I'm not arguing for or against this particular draft going onto the IETF
standards-track.  I *am* gently suggesting that keeping it off the IETF
standards-track is very *unlikely* to greatly reduce customer demand for
this option.  Now debates about whether my market analysis is correct
are probably out of scope here, so maybe should be moved to private email
or some other non-IETF context.

Ran
rja@extremenetworks.com

[1] Extreme has no IPsec products.  No need for anyone to spin up,
     this really is a hypothetical statement. :-)