An interesting discussion which seems to keep coming back again and again.
IPsec has a mechanism to negotiate encryption; why not do the same for key management? Have the two ends negotiate based on what the session requires. As a default revert back to IKEv1 or a streamlined version of it.
Marc DesRosiers
-----Original Message-----
From: Paul Koning [mailto:pkoning@equallogic.com]
Sent: Thursday, July 18, 2002 9:41 AM
To: andrew.krywaniuk@alcatel.com
Cc: ipsec@lists.tislabs.com
Subject: RE: One base SOI ID? Humm
>>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:

Andrew> Maybe some clarification of the poll is in order. What are we
Andrew> voting on exactly?

I'm not sure what the original question intended to ask, but here's my
take on your variants:

Andrew> 1. A single SOI protocol vs. 2 protocols?

Single protocol. Having two protocols would be a major mistake.

Andrew> 2. A merged SOI base vs. using IKEv2 as the base?

You mean "merged" as in "JFK and IKEv2 blended together"? If so,
then I'd say that doesn't sound like a recipe for rapid forward
progress, unless I missed something.

Andrew> 3. A single SOI protocol vs. continued uncertainty?

The former, emphatically. This process has already taken an amazingly
large amount of time.

paul