RE: is manual keying mandatory

bede@mitre.org (Bede McCall) Mon, 23 March 1998 23:11 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA26878 for ipsec-outgoing; Mon, 23 Mar 1998 18:11:21 -0500 (EST)
Date: Mon, 23 Mar 1998 18:24:22 -0500
From: bede@mitre.org
Message-Id: <199803232324.SAA19889@zorch.mitre.org>
To: mcr@sandelman.ottawa.on.ca
CC: ipsec@tis.com
In-reply-to: <199803232007.PAA00766@morden.sandelman.ottawa.on.ca> (message from Michael Richardson on Mon, 23 Mar 1998 15:07:28 -0500)
Subject: RE: is manual keying mandatory
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

   Date: Mon, 23 Mar 1998 15:07:28 -0500
   From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

   [ . . . ]

     Like I said: you can bury your manual keying interface behind
   a tty-based command line interface that speaks only EBCDIC if you
   want, and is available only on Thursdays with full moons.  So long as
   someone who arrives at a certification lab has an EBCDIC terminal with
   them, it won't matter.

     Just because it is in the spec doesn't mean you have to have it in
   your GUI.

   [ . . . ]

Clearly, this kind of approach is disingenuous at best and doesn't
make for either credible compliance with the spec or a sound
implementation since you end up with embedded "living dead" code.
One could end up having nightmares about hordes of undocumented
features skulking in the shadows of every IPSec implementation's
Anxiety Closet.

A much better idea:  explain what it's for in plain, honest language
and figuratively advise your customers to use the feature only on
Thursdays with full moons, and then only if their blood alcohol
content is under .03 (...legal even in Sweden, I think).

-- 
  Bede McCall   <bede@mitre.org>
  The MITRE Corporation                    Tel: (781) 271-2839
  202 Burlington Road                      FAX: (781) 271-2423
  Bedford, Massachusetts  01730-1420