Re: IPsec Minutes from Montreal
Ashar Aziz <ashar@osmosys.incog.com> Mon, 16 September 1996 13:23 UTC
Received: from cnri by ietf.org id aa05055; 16 Sep 96 9:23 EDT
Received: from neptune.hq.tis.com by CNRI.Reston.VA.US id aa07003; 16 Sep 96 9:23 EDT
Received: from neptune.tis.com by neptune.TIS.COM id aa13191; 16 Sep 96 8:48 EDT
From: Ashar Aziz <ashar@osmosys.incog.com>
Message-Id: <199609132352.QAA19686@miraj.incog.com>
Subject: Re: IPsec Minutes from Montreal
To: ipsec@tis.com
Date: Fri, 13 Sep 1996 16:52:16 -0700
X-Mailer: ELM [version 2.4 PL24 PGP5]
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
About two weeks ago I sent the following protest regarding the Montreal meeting minutes to the IPsec chairs. I haven't seen a correction posted or received any response to my message. Since the minutes went out on the ipsec mailing list, I would like to make my objections known here also.

-----------(Begin Forwarded Message)--------------------------

From: <ashar>
To: palamber@us.oracle.com, rja@cisco.com, jis@mit.edu
Subject: Re: IPsec Minutes from Montreal
Date sent: Tue, 3 Sep 1996 17:07:12

Folks,

I would like to protest at the way the meeting minutes were reported for the ipsec Montreal meeting. Although these were published a few weeks ago, I have only recently had a chance to catch up to the postings on the ipsec list.

IMHO the meeting minutes should reflect what transpired, and not be editorialized with the minute writer's personal views of the various proposals. Also, when there are competing proposals, I believe some consideration should be given to fairness in the way the various proposals are described. I refer specifically to the use of adjectives such as "significant overhead", "hard to implement and scale" and "claimed" support of multicast when describing SKIP. By contrast, adjectives used for ISAKMP/Oakley are "very general", "very flexible", etc.

In addition, I have the following very specific objections to the minutes, which I am submitting for the record.

> From ipsec-request@neptune.tis.com Mon Aug 5 16:56 PDT 1996
> The minutes of the last IPsec Working Group were posted to the IETF weeks ago
> and have yet to appear in the official archive. For those of you that missed
> attending the meeting in Montreal the minutes are attached below.
>
> Regards,
>
> Paul
> --------------------------------------------------------------
> Ashar Aziz presented SKIP. Note the use of the SKIP header
> between IP header and AH or ESP. Two modes of use: the first mode has no
> setup messages once the master keys are in place, no Perfect Forward Secrecy,
> and has significant per-message overhead. This mode relies on pre-positioned
> D-H master keys from which unicast keys are derived. The second mode uses
> ephemeral Diffie-Hellman, with certificates, in a 4-6 message exchange, with
> approximate PFS, anonymity, etc. Claimed multicast mode support is based on a
> group co-ordinator creating a group key (distribution of the private key to
> group members is not described here and is potentially hard to implement or
> scale) which the sender uses as the target for Diffie-Hellman computation.
> Checkpoint, Toshiba, ETH, Sun have interoperable implementations of SKIP,
> based on recent testing. Some gaps in the SKIP-06 spec were uncovered, and
> are being fixed in the next draft. Ashar pushed for adoption of the
> certificate discovery protocol (CDP) independent of SKIP. Also can move CRLs
> as well as certificates, not just X.509 certificates, but PGP too.

First, the SKIP PFS exchange requires 2 messages, not 4-6. This is what I presented at the talk, and is present in the SKIP PFS I-D.

Second, I don't understand what "approximate PFS" means. Is this a new term? If so, I would like to be enlightened, with perhaps some reference to the relevant literature. In any case, this is not a term that I used, and not something that came up during the discussion.

Third, wrt "claimed" multicast support, distribution of group private key WAS described at the meeting. In fact more than one way of distributing the group private key was described. One of these used an expanding ring multicast search, which gets around the single node responsible for distributing the group private key.

In any case, there were no comments about "difficult to implement" or "scaling" at the meeting, and therefore it would have been more pleasant to not find these in the meeting minutes (which I assume are the minute writer's personal views). Same comment wrt "significant per message overhead" description. This was not something that came up at the meeting, and is a subjective evaluation. Again, I assume this is a personal opinion of the minute writer and not something that should be part of the meeting minutes.

Also, the group private key is not used as the target for any Diffie-Hellman computation. This is simply a misunderstanding of the protocol on the part of the minute writer.

> Doug Maughan reported on ISAKMP. Free software is available via MIT
> server at http://web.mit.edu/network/isakmp.

And finally, we also have free software which we mentioned at the meeting, and gave the URL to. In fairness, perhaps it too should have been in the meeting minutes for the benefit of those who couldn't attend?

I can understand that the minute writers (I assume that this included the chairs) have personal opinions about the competing proposals. May I request, however, that the meeting minutes not be used as the forum to promulgate these opinions, when they don't correspond to events that transpired at the meeting?

Ashar.
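The one technical point the quoted minutes and the reply both turn on is the difference between SKIP's pre-positioned master-key mode (no setup messages, no Perfect Forward Secrecy) and its ephemeral Diffie-Hellman mode (PFS). The following Python model is an added illustration and is not code from this message, from the SKIP drafts, or from any of the implementations named above. It uses a small constructed DH group and an assumed hash-based key derivation rather than the specification's exact Kijn construction; what it demonstrates is the property itself: a later leak of a long-term DH private key recovers every master-key-mode packet key, but yields nothing usable against a session keyed from discarded ephemeral exponents.

```python
import hashlib

# Toy Diffie-Hellman group, constructed for this example only. 2**127 - 1 is
# the Mersenne prime M127; a real deployment uses a standard large safe-prime
# group. Generator 2 is chosen purely for readability.
P = 2**127 - 1
G = 2


def dh_public(priv: int) -> int:
    """g^priv mod p."""
    return pow(G, priv, P)


def dh_shared(priv: int, peer_pub: int) -> int:
    """(peer_pub)^priv mod p; both sides obtain the same g^(ab)."""
    return pow(peer_pub, priv, P)


def kdf(shared: int, label: str, counter: int) -> bytes:
    """Assumed hash-based derivation of a traffic key from a DH secret.
    This is an illustration, not the SKIP specification's Kijn derivation."""
    data = f"{label}|{counter}|".encode() + shared.to_bytes(16, "big")
    return hashlib.sha256(data).digest()


def mode1_packet_key(my_long_priv: int, peer_long_pub: int, counter: int) -> bytes:
    """Pre-positioned master-key mode: no setup message is exchanged. Each side
    derives the unicast key for packet number `counter` directly from the
    long-term master key Kij = g^(ij). Nothing ephemeral is involved, so the
    key is fully determined by the long-term private keys (no PFS)."""
    kij = dh_shared(my_long_priv, peer_long_pub)
    return kdf(kij, "unicast", counter)


def mode2_session(i_eph_priv: int, j_eph_priv: int):
    """Ephemeral-DH mode modelled as a two-message exchange: I sends g^a,
    J sends g^b. Returns (key_at_I, key_at_J, transcript). The transcript is
    everything a passive recorder of the wire sees; the ephemeral private
    exponents a and b are discarded by the parties and never appear in it."""
    ga = dh_public(i_eph_priv)
    gb = dh_public(j_eph_priv)
    key_i = kdf(dh_shared(i_eph_priv, gb), "session", 0)
    key_j = kdf(dh_shared(j_eph_priv, ga), "session", 0)
    transcript = {"ga": ga, "gb": gb}
    return key_i, key_j, transcript


def recover_mode1_after_compromise(leaked_long_priv: int, peer_long_pub: int,
                                   counter: int) -> bytes:
    """What a recorder recovers if I's long-term private key leaks later: the
    master key Kij, and with it every past and future mode-1 packet key for
    this pair of peers. It is exactly the computation the legitimate side does."""
    return mode1_packet_key(leaked_long_priv, peer_long_pub, counter)


def attacker_best_guess_mode2(leaked_long_priv: int, peer_long_pub: int,
                              transcript: dict) -> bytes:
    """The same compromise against the ephemeral mode. The recorder now holds
    I's long-term key, J's long-term public key and the transcript (g^a, g^b).
    The only DH secret it can complete is the long-term one; g^(ab) would need
    a or b, which were discarded. The derived value is therefore unrelated to
    the real session key, which is what PFS means in practice."""
    long_term_shared = dh_shared(leaked_long_priv, peer_long_pub)
    return kdf(long_term_shared, "session", 0)


def demo() -> dict:
    """Fixed, constructed private exponents so the run is reproducible."""
    i_long, j_long = 123456789, 987654321          # long-term keys of I and J
    a, b = 555, 777                                # ephemeral exponents, one session
    counter = 42                                   # packet number in mode 1

    k1_at_i = mode1_packet_key(i_long, dh_public(j_long), counter)
    k1_at_j = mode1_packet_key(j_long, dh_public(i_long), counter)
    k1_recovered = recover_mode1_after_compromise(i_long, dh_public(j_long), counter)

    k2_at_i, k2_at_j, transcript = mode2_session(a, b)
    k2_guess = attacker_best_guess_mode2(i_long, dh_public(j_long), transcript)

    return {
        "mode1_peers_agree": k1_at_i == k1_at_j,
        "mode1_recovered_after_leak": k1_recovered == k1_at_i,
        "mode2_peers_agree": k2_at_i == k2_at_j,
        "mode2_recovered_after_leak": k2_guess == k2_at_i,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run as a script it prints four lines: both modes give the two peers matching keys, the master-key mode's packet key is recomputed in full from the leaked long-term key, and the ephemeral mode's session key is not. The model also shows why the master-key mode has no setup messages at all: `mode1_packet_key` needs only material each side already holds, whereas `mode2_session` needs one value from each side on the wire before a key exists.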