Re: is manual keying mandatory

Robert Moskowitz <rgm-sec@htt-consult.com> Thu, 19 March 1998 16:24 UTC

Date: Thu, 19 Mar 1998 11:30:09 -0500
To: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>, "IPSEC Mailing List (E-mail)" <ipsec@tis.com>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Subject: Re: is manual keying mandatory
In-Reply-To: <199803182344.XAA14394@orchard.arlington.ma.us>
References: <Your message of "Wed, 18 Mar 1998 13:51:35 -0800 ." <E301AC63A589D111B63100805F15808901000C18@red-msg-07.dns.microsoft.com>

At 06:44 PM 3/18/98 -0500, Bill Sommerfeld wrote:
>I feel strongly that manual keying should continue to be a MUST.

I also feel it should remain a MUST.

>There are going to be some times when the full complexity of ISAKMP
>won't be necessary; having manual keying universally available will
>improve interoperability and configurability in those situations...

I was just talking to Rodney about this.  There will be other KMPs, like
smartcards injecting session keying material based on barometric pressure
or some such.

>It also leaves more room for experimentation with new key
>management techniques, since a new key management system can be
>grafted on through the "manual" key management interface.

There will be business requirements that will leverage off of this.
Perhaps an imbedded system might only do manual keys, so the workstation
that talks to that system (say a pacemaker, how is that for an 'imbedded
system') will also need to support manual keys.

>It's also useful in testing to ensure that the transforms, etc., are
>in a position to really reject things like weak keys.

Probably the only way to test weak keys code paths.


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com