Re: IPsec Minutes from Montreal
"PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com> Mon, 16 September 1996 19:13 UTC
Message-Id: <9609161852.AA04438@maildig1.us.oracle.com>
Date: Mon, 16 Sep 1996 11:51:58 -0700
From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
To: ipsec@tis.com
Subject: Re: IPsec Minutes from Montreal
X-Orcl-Application: In-Reply-To: UNX02.US.ORACLE.COM:ipsec-request@neptune.hq.tis.com's message of 13-Sep-96 16:52
Ashar,

Your constructive comments on the minutes were received and an updated set of minutes reflecting your clarifications has been prepared (last week actually). They will be posted soon.

>I can understand that the minute writers (I assume that this
>included the chairs) have personal opinions about the competing
>proposals. May I request, however, that the meeting minutes not
>be used as the forum to promulgate these opinions, when they
>don't correspond to events that transpired at the meeting?

As one of the chairs, I can honestly say that we do not use the minutes to promulgate opinions. We are quite lucky to have various contributions of notes each meeting to capture the events. We are lucky just to get minutes out.

IPsec has been having some very "eventful" meetings, so it is likely that all of the details may not have been captured. There are also differences of opinion that can be hard to capture. For example:

>First, the SKIP PFS exchange requires 2 messages, not 4-6.
>This is what I presented at the talk, and is present in
>the SKIP PFS I-D.

It is true that your presentation claimed that SKIP PFS exchange takes 2 messages. It is also true that other members of the working group claim that SKIP PFS takes 4 to 6 messages. So depending on who you ask the answer is 2 to 6 messages. I am sure that this confusion will be resolved by the working group, but it is difficult to document in the minutes this type of difference in opinion.

>About two weeks ago I sent the following protest ...

The chairs (Ran and myself) appreciate contributions and comments, but please calm down and quit complaining. The minutes have been improved by the clarifications you recommended and "protesting" is unnecessary.

Regards,

Paul

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paul Lambert                      Director of Security Products
Oracle Corporation                Phone: (415) 506-0370
500 Oracle Parkway, Box 659410    Fax: (415) 633-2963
Redwood Shores, CA 94065          E-Mail: palamber@us.oracle.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Secure Jobs" -> send resumes to: palamber@us.oracle.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Begin Message ---

About two weeks ago I sent the following protest regarding the Montreal meeting minutes to the IPsec chairs. I haven't seen a correction posted or received any response to my message. Since the minutes went out on the ipsec mailing list, I would like to make my objections known here also.

-----------(Begin Forwarded Message)--------------------------

From: <ashar>
To: palamber@us.oracle.com, rja@cisco.com, jis@mit.edu
Subject: Re: IPsec Minutes from Montreal
Date sent: Tue, 3 Sep 1996 17:07:12

Folks,

I would like to protest at the way the meeting minutes were reported for the ipsec Montreal meeting. Although these were published a few weeks ago, I have only recently had a chance to catch up to the postings on the ipsec list.

IMHO the meeting minutes should reflect what transpired, and not be editorialized with the minute writer's personal views of the various proposals. Also, when there are competing proposals, I believe some consideration should be given to fairness in the way the various proposals are described.

I refer specifically to the use of adjectives such as "significant overhead", "hard to implement and scale" and "claimed" support of multicast when describing SKIP. By contrast, adjectives used for ISAKMP/Oakley are "very general", "very flexible", etc.

In addition, I have the following very specific objections to the minutes, which I am submitting for the record.

> From ipsec-request@neptune.tis.com Mon Aug 5 16:56 PDT 1996
> The minutes of the last IPsec Working Group were posted to the IETF weeks ago
> and have yet to appear in the official archive. For those of you that missed
> attending the meeting in Montreal the minutes are attached below.
>
>
> Regards,
>
> Paul
> --------------------------------------------------------------
> Ashar Aziz presented SKIP. Note the use of the SKIP header
> between IP header and AH or ESP. Two modes of use: the first mode has no
> setup messages once the master keys are in place, no Perfect Forward Secrecy,
> and has significant per-message overhead. This mode relies on pre-positioned
> D-H master keys from which unicast keys are derived. The second mode uses
> ephemeral Diffie-Hellman, with certificates, in a 4-6 message exchange, with
> approximate PFS, anonymity, etc. Claimed multicast mode support is based on a
> group co-ordinator creating a group key (distribution of the private key to
> group members is not described here and is potentially hard to implement or
> scale) which the sender uses as the target for Diffie-Hellman computation.
> Checkpoint, Toshiba, ETH, Sun have interoperable implementations of SKIP,
> based on recent testing. Some gaps in the SKIP-06 spec were uncovered, and
> are being fixed in the next draft. Ashar pushed for adoption of the
> certificate discovery protocol (CDP) independent of SKIP. Also can move CRLs
> as well as certificates, not just X.509 certificates, but PGP too.
>

First, the SKIP PFS exchange requires 2 messages, not 4-6. This is what I presented at the talk, and is present in the SKIP PFS I-D.

Second, I don't understand what "approximate PFS" means. Is this a new term? If so, I would like to be enlightened, with perhaps some reference to the relevant literature. In any case, this is not a term that I used, and not something that came up during the discussion.

Third, wrt "claimed" multicast support, distribution of group private key WAS described at the meeting. In fact more than one way of distributing the group private key was described. One of these used an expanding ring multicast search, which gets around the single node responsible for distributing the group private key.

In any case, there were no comments about "difficult to implement" or "scaling" at the meeting, and therefore it would have been more pleasant to not find these in the meeting minutes (which I assume are the minute writer's personal views).

Same comment wrt "significant per message overhead" description. This was not something that came up at the meeting, and is a subjective evaluation. Again, I assume this is a personal opinion of the minute writer and not something that should be part of the meeting minutes.

Also, the group private key is not used as the target for any Diffie-Hellman computation. This is simply a misunderstanding of the protocol on the part of the minute writer.

> Doug Maughan reported on ISAKMP. Free software is available via MIT
> server at http://web.mit.edu/network/isakmp.

And finally, we also have free software which we mentioned at the meeting, and gave the URL to. In fairness, perhaps it too should have been in the meeting minutes for the benefit of those who couldn't attend?

I can understand that the minute writers (I assume that this included the chairs) have personal opinions about the competing proposals. May I request, however, that the meeting minutes not be used as the forum to promulgate these opinions, when they don't correspond to events that transpired at the meeting?

Ashar.

--- End Message ---