Re: is manual keying mandatory

[Steve Sneddon <sned@cisco.com>]

Could somebody planning a *commercial* IPSec implementation which actually
uses manual keying spend a few minutes and tell us the details of
transmittal and storage of keys, etc.? Could they also discuss any
"insecurities" inherent in the problem? Or is manual keying in the spec only
for diagnostic sorts of images and bakeoffs?

TIA

At 09:24 AM 3/19/98 -0500, Michael C. Richardson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>>>>>> "William" == William Dixon <wdixon@microsoft.com> writes:
>
>    William> Since we have put so much effort into IKE now, I don't think it
>    William> should be a MUST.
>
>  IKE took a lot of effort because it is complicated. All complicated systems
>need good run time diagnostics tools. Manual keying is an important
>diagnostic tool because it verifies that the problem isn't in the IPsec
>portions. 
>  If supporting a manual keying API requires too much memory, or something,
>then alternate boot images may be an option.
>
>   :!mcr!:            |  Sandelman Software Works Corporation, Ottawa, ON  
>   Michael Richardson |Network and security consulting and contract programming
> Personal: <A
HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">
mcr@sandelman.ottawa.on.ca</A>. PGP key available.
> Corporate: <A
HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>. 
>
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: 2.6.3ia
>Charset: latin1
>Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
>
>iQB1AwUBNREqrNiXVu0RiA21AQFl4wMAwLEFCj0YzaRtauWRThZuCe6DSEtbL4xo
>ZMSGvd3IRpq9u4E1vk8gcJHoPRYwD4udL8hWsr1X6MSBlf3MoqEnuiUjT83+MYKl
>hx0kZZcRGwDBLwKIRlpKEYl1JszOX5m5
>=uGLV
>-----END PGP SIGNATURE-----
>
>