
IKE Leadership




Hello,

The original intent of creating a next version of the IKE protocol was to reduce the complexity of the first one.  Most observers of the next IKE evolution, including the principal author, Charlie Kaufman, know that the exercise to "homogenize" IKEv2 and JFK has moved us further away from the original goal of simplicity and completeness.  We had that back in December of last year with IKE v2, a complete protocol package with v1 complexity removed.  It was complete enough to allow for implementation trials.

Competent technical people will always find reasons to seek modifications to any draft in an effort to make it "just right".  Steve Kent offered an excellent example today regarding revised identities to IKEv2.  As a WG, we have argued the merits of crypto suites or not, 4 messages with stateless cookies vs. 2, and recently, key size conformance, just to name a few.  We have parsed the requirements and sought more opinions as to which requirements are most important.  We have summarized those desired requirements and discussed them again.  For more than a year we have churned like butter the next version of IKE with a multitude of "perfections" that consumed hours of thought and countless words of opinion.  In seeking perfection and perhaps peace, we have lost the whole purpose which caused this WG to correct IKEv1.  I do not advertise myself as an expert on the intricacies of IKE, but I do know that this perpetual churn does not necessarily create a better protocol or satisfy all the parties involved.  One of the common complaints that permeate the IETF is that it takes too long for drafts to come out of the WG.  Often the window of opportunity is lost because industry cannot wait for the perfect solution.  This IKE exercise is the poster child for that problem.

With all due respect to the WG chairs and the Security ADs, leadership on this specific issue needs to be asserted and closure effected now.   Closure means that a specific version of a released draft is acknowledged as the preferred draft and is forwarded to the IESG.  Freeze that draft and do not accept any further changes.  We do not need more technical stroking, nor do we need more discussions about making IKE better.  All that has been done in excruciating detail.  Words to this effect were boldly announced by the AD at the end of the March '02 meeting.  But we keep churning and will continue to do so until a draft is recommended and moved forward out of IPsec.

If you agree with this assessment of the IKE issue, challenge our WG Chairs and ADs to close debate and move forward.  Whatever your opinion, no one can say that the Chairs did not allow for adequate debate. 

Regards,

Dennis Beard
613-768-0323