
Re: speaking of keys



On Fri, 6 Dec 2002, Stephen Kent wrote:
> I don't have a problem with a MAY for bigger groups, but I really 
> think it is most appropriate to focus on the management facility to 
> allow user communities to select their own, of whatever size they 
> feel is appropriate.

While I have some sympathy with that, historically IPsec has suffered
badly from an excess of useless flexibility, an unwillingness to make
decisions among largely-equivalent alternatives, and an inability to set
clear standards even when they are crucial to interoperability. 

If we think one choice is definitely preferable in most cases, but
specific users may have reasons to prefer another, we have a word for
that:  not MAY, but SHOULD.

And as a matter of basic principle, the default should be good security,
with an option to weaken it when necessary, not poor security with an
option to upgrade it. 

                                                          Henry Spencer
                                                       henry@spsystems.net