Re: is manual keying mandatory (fwd)

[Jackie Wilson <jhwilson@austin.ibm.com>]

I agree.  It will be some time before all boxes support ISAKMP, but
they will need to be included in secure networks.  This will help
customers adopt ISAKMP as a standard if it is widely available.

In a few years it could probably be phased out.

Jackie



Bill Sommerfeld wrote:
> From owner-ipsec@portal.ex.tis.com  Wed Mar 18 18:11:53 1998
> Message-Id: <199803182344.XAA14394@orchard.arlington.ma.us>
> To: "IPSEC Mailing List (E-mail)" <ipsec@tis.com>
> Subject: Re: is manual keying mandatory 
> In-reply-to: Your message of "Wed, 18 Mar 1998 13:51:35 -0800 ."
>              <E301AC63A589D111B63100805F15808901000C18@red-msg-07.dns.microsoft.com> 
> Date: Wed, 18 Mar 1998 18:44:22 -0500
> From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
> Sender: owner-ipsec@ex.tis.com
> Precedence: bulk
> 
> I feel strongly that manual keying should continue to be a MUST.
> 
> There are going to be some times when the full complexity of ISAKMP
> won't be necessary; having manual keying universally available will
> improve interoperability and configurability in those situations...
> 
> It also leaves makes more room for experimentation with new key
> management techniques, since a new key management system can be
> grafted on through the "manual" key management interface.
> 
> It's also useful in testing to ensure that the transforms, etc., are
> in a position to really reject things like weak keys.
> 
> All in all, it makes for a more open, modular system.
> 
> 						- Bill
> 


-- 
Jacqueline Wilson          | Phn:  (512) 838-2702
IBM, AIX/6000              | Fax:  (512) 838-3509
11400 Burnet Road ZIP 9551 | Ext:  8-2702   Tie-Line:  678
Austin, TX 78758-3493      | inet: jhwilson@austin.ibm.com