
Re: SOI QUESTION: 6.4 Code-preservingness



On Fri, 12 Jul 2002, Theodore Ts'o wrote:

>
> Please discuss and answer the following question:
>
>
> 6.4 Code-preservingness
>
> 6.4.A) Is it important that SOI allow some amounts of an IKEv1
> implementation be reusable when creating an SOI implementation?
>

The large parts in IKE aren't IKE itself, but ASN.1, pkcs, x509, etc.
for certificates. Some of the crypto primitives are large
(comparatively). The IKE code itself isn't that large and can be
trimmed down by profiling.

I don't think we want to constrain ourselves to making sure we can
reuse existing code. Where it makes sense, sure. Where it doesn't make
sense, write new code. If the format of the messages (see previous
message about wire format) is sufficiently the same, the new code is
pretty trivial in that most implementors are already familiar with it.

>
> Implications from the Scenarios:
>
> IPS: <<<[ietf-ips-security-xx.txt] discusses resource constraints,
> calling out the size for both code footprint and data as the most
> important criteria.>>> [[[6]]]
>

I support all efforts to profile IKE, x.509, asn.1, etc. Not having to
have a full asn.1 and x.509 parser would reduce code sizes
tremendously.

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847

http://www.eff.org/cafe