Re: is manual keying mandatory

Bronislav Kavsan <bkavsan@ire-ma.com> Mon, 23 March 1998 21:59 UTC

Message-ID: <3516DD14.D23C6BDE@ire-ma.com>
Date: Mon, 23 Mar 1998 17:07:16 -0500
From: Bronislav Kavsan <bkavsan@ire-ma.com>
Reply-To: bkavsan@ire-ma.com
To: Dave Carrel <carrel@ipsec.org>
CC: Steve Sneddon <sned@cisco.com>, "Theodore Y. Ts'o" <tytso@MIT.EDU>, ipsec@tis.com
Subject: Re: is manual keying mandatory
References: <199803232019.MAA28635@weenie.redbacknetworks.com>

Dave Carrel wrote:

> Can you give any reason why
> you CAN NOT do manual keying??

Here are the reasons:
- there is no "standard" key distribution mechanism for symmetric keys (I guess I
can get on the phone with another guy and negotiate key values)
- there is no "standard" mechanism for negotiating key lifetimes (should I also
use the phone?)
- how to re-key? - (get on the phone again?)
- what is the encapsulation context - tunnel/transport? (my phone bill is getting
higher?)
etc, etc, etc.

------
Bronislav Kavsan
IRE Secure Solutions, Inc.
100 Conifer Hill Drive  Suite 513
Danvers, MA  01923
voice: 978-739-2384
http://www.ire.com