Re: is manual keying mandatory
Dave Carrel <carrel@ipsec.org> Mon, 23 March 1998 22:28 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id RAA26554 for ipsec-outgoing; Mon, 23 Mar 1998 17:28:21 -0500 (EST)
Message-Id: <199803232240.OAA28802@weenie.redbacknetworks.com>
To: bkavsan@ire-ma.com
cc: Steve Sneddon <sned@cisco.com>, "Theodore Y. Ts'o" <tytso@MIT.EDU>, ipsec@tis.com
From: Dave Carrel <carrel@ipsec.org>
Subject: Re: is manual keying mandatory
In-reply-to: Your message of "Mon, 23 Mar 1998 17:07:16 EST." <3516DD14.D23C6BDE@ire-ma.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <28799.890692858.1@RedBackNetworks.com>
Date: Mon, 23 Mar 1998 14:40:58 -0800
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
> > Can you give any reason why > > you CAN NOT do manual keying?? > > Here are the reasons: > - there is no "standard" key distribution mechanism for symmetric keys (I gue > ss I > can get on the phone with another guy and negotiate key values) > - there is no "standard" mechanism for negotiation key lifetimes (should I al > so > use the phone?) > - how to re-key? - (get on the phone again?) > - what is the encapsulation context - tunnel/transport? (my phone bill is get > ting > higher?) > etc, etc, etc. These are all good reasons for why you don't WANT to base a product on manual keying. But every time you tried to give a reason why you can't do it, you have included in parentheses an example of how you COULD do it. So in other words, you have not answered the question nor contributed anything new to the discussion. We all know why manual keying doesn't scale and we all know why it's impractical in most real world situations. The point isn't that manual keying is a great thing. (I don't personally think it needs to be in the documents. BUT IT IS! And I know that everyone could actually implement if they would just stop whining.) The point is that it can be done and we need to stop trying to find one more reason to delay the documents. 'nuff said. Dave
- is manual keying mandatory Roy Pereira
- RE: is manual keying mandatory William Dixon
- Re: is manual keying mandatory Derrell D. Piper
- Re: is manual keying mandatory Bill Sommerfeld
- Re: is manual keying mandatory Dan McDonald
- Re: is manual keying mandatory (fwd) Jackie Wilson
- Re: is manual keying mandatory Bronislav Kavsan
- Re: is manual keying mandatory Perry E. Metzger
- Re: is manual keying mandatory (fwd) Perry E. Metzger
- Re: is manual keying mandatory Michael C. Richardson
- Re: is manual keying mandatory (fwd) Paul Koning
- Re: is manual keying mandatory Phil Servita
- Re: is manual keying mandatory (fwd) Robert Moskowitz
- Re: is manual keying mandatory Robert Moskowitz
- Re: is manual keying mandatory (fwd) Larry Backman
- FW: is manual keying mandatory Roy Pereira
- Re: is manual keying mandatory (fwd) Robert Moskowitz
- RE: is manual keying mandatory (fwd) Rob Adams
- Re: is manual keying mandatory Steve Sneddon
- RE: is manual keying mandatory Bede McCall
- Re: is manual keying mandatory Daniel Harkins
- Re: is manual keying mandatory Bronislav Kavsan
- [Fwd: is manual keying mandatory] Bronislav Kavsan
- Re: is manual keying mandatory Theodore Y. Ts'o
- Re: is manual keying mandatory (fwd) Daniel C. Fox
- Re: is manual keying mandatory (fwd) Paul Lambert
- Re: is manual keying mandatory Steve Sneddon
- Re: is manual keying mandatory Michael Richardson
- Re: is manual keying mandatory Dave Carrel
- Re: is manual keying mandatory Bronislav Kavsan
- Re: is manual keying mandatory Bronislav Kavsan
- Re: is manual keying mandatory Dave Carrel
- RE: is manual keying mandatory Bede McCall
- Re: is manual keying mandatory EKR
- Re: is manual keying mandatory Bronislav Kavsan
- RE: is manual keying mandatory Bede McCall
- Re: is manual keying mandatory Derrell D. Piper
- Re: is manual keying mandatory Perry E. Metzger
- Re: is manual keying mandatory Bronislav Kavsan
- Re: is manual keying mandatory Steve Sneddon
- Re: is manual keying mandatory Ran Atkinson
- Re: is manual keying mandatory (fwd) Hilarie Orman