Re:IPsec wg
Fred Baker <fred@cisco.com> Fri, 20 September 1996 19:31 UTC
Message-Id: <v03007801ae689227685c@[171.69.128.114]>
In-Reply-To: <199609201746.KAA28700@miraj.incog.com>
Date: Fri, 20 Sep 1996 12:24:56 -0700
To: Ashar Aziz <ashar@osmosys.incog.com>
Sender: iesg-request@ietf.org
From: Fred Baker <fred@cisco.com>
Subject: Re:IPsec wg
At 10:46 AM -0700 9/20/96, Ashar Aziz spluttered:
>> So have I, please calm down and address your own concerns rather than spread
>> third party complaints. These other "complaints" were pushed very hard in
>> July and August. Ashar had attempted to remove my co-chair (Ran) for bias
>> through complaints to the IAB. The accusation stated that there must be an
>> unfair bias since his employer had announced an implementation that was not
>> based on SKIP (please excuse my terse summary). This issue was addressed by
>> the IAB and no grounds or evidence for "bias" were found.
>Paul Lambert states the above. Does this accurately state the outcome
>of the IAB or IESG review of my informal complaint? If not, could you
>please let me know what its status is?

I have not finished my own investigation, and so have not answered you. I forwarded the note (for informative purposes) to the IAB and IESG as well.

I have sent messages to a number of individuals who have been leaders in the IPSEC working group, only two of which work at Cisco, asking them:

    A process complaint with regard to IPSEC has been sent to me. Do you
    see any reason for a process complaint in the working group?

I have gotten back about 84K of mail discussing the history of the group from various folks' perspectives. I have also been reviewing the archived minutes.

There are some issues with your complaint. To name one, you state that in October 1994, SKIP was the only solution on the table. The minutes show that in March 1994, Phil Karn was presenting Photuris to the working group, and the recollection of those polled is that there was code being published by Phil, Hugo, and someone else. They may not have had an internet draft, but they most certainly had proposals. So it is not clear that all aspects of your complaint bear scrutiny.

As to the lateness of ISAKMP/Oakley, all concerned tell me that it is in actuality little more than Photuris written up by someone other than Bill Simpson, who has since relinquished his imagined rights to Photuris.

As to whether SKIP meets the working group's objectives, all concerned tell me that as early as 1992 there was a consensus regarding the class of solution the working group would publish. This is apparently recorded on slides that Paul has not published as minutes, but is remembered by all the folks I have polled. The consensus was around a solution of the general character of Photuris or ISAKMP - Diffie-Hellman with attribute negotiation. All concerned also tell me that SKIP is appropriate for a certain class of network and a certain class of security problem, and would be interesting therefore as an elective protocol. They tell me that negotiations with the SKIP camp have not broken down over whether SKIP would be published at all, but over whether SKIP would be mandatory to implement. They tell me that the working group at this point has no consensus as to which solution to deploy; one portion is very interested in SKIP, one is very interested in a Diffie-Hellman algorithm with attribute negotiation, and one is deeply confused and simply wants a standard chosen. The Area Director tells me that, consistent with IETF history, the only solution he can require implementation of is a solution which is general enough for the internet. It is his considered opinion (and that of the security directorate), stated last night, that ISAKMP/Oakley is a more general solution than SKIP, and is better suited to the general requirements of the internet.

As to your specific concerns about Ran, neither the IESG nor IAB has ruled specifically on his actions or comments. It is my personal belief, based on conversations with him, that he is not biased against Sun or against you; however, he honestly does not believe that SKIP meets the requirements that the working group laid out in 1992. He has - and others have - technical concerns, which are not hidden. In such a case, it is the responsibility of a working group chair to either require that the objections be met or find another solution. You may have valid concerns with the way he has done so (I am not going to make a judgement call on that at this point), but I have to say that he has acted in a manner consistent with that guideline.

As to the potential conflict of interest inherent in Ran working for an employer who is working on security issues, please observe that this is common in the IETF. John Moy, the author and designer of OSPF, chaired that working group. Proteon, his employer, deployed the first implementation. I have chaired several working groups, and my employer has deployed products containing those protocols. In fact, it is unusual for someone to be interested in leading a working group whose employer is not working on a solution to that problem. If there is a conflict of interest in Ran working for Cisco, it is a commonly shared problem.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I don't suffer from insanity. I enjoy every minute of it.