RE: Son-of-IKE Performance

Jan Vilhuber <vilhuber@cisco.com> Sat, 08 December 2001 04:50 UTC

Date: Fri, 07 Dec 2001 20:24:13 -0800
From: Jan Vilhuber <vilhuber@cisco.com>
To: Andrew Krywaniuk <andrew.krywaniuk@alcatel.com>
cc: "'Steven M. Bellovin'" <smb@research.att.com>, 'Dan Harkins' <dharkins@tibernian.com>, ipsec@lists.tislabs.com
Subject: RE: Son-of-IKE Performance
In-Reply-To: <001a01c17f9b$6d251610$1e72788a@andrewk3.ca.newbridge.com>
Message-ID: <Pine.LNX.4.21.0112072021230.24375-100000@janpc-home.cisco.com>

On Fri, 7 Dec 2001, Andrew Krywaniuk wrote:

> > But those details are not nearly as controversial as JFK vs. IKEv2 vs.
> > SIGMA vs. XKASS, and not even as controversial as the requirements on
> > which we'll base that choice.  This is, I think, obvious to everyone.
> > Why are you beating on this point?  Is there anyone here, with the
> > possible exception of you, who thinks that this is the crucial criterion
> > on which the WG is going to decide among the different proposals?
> 
> It is a little misleading for a protocol which is being presented as the
> 'simple alternative' to omit many of the so-called minor details. I
> personally doubt that the cryptographic framework will really be the deciding
> factor in which protocol advances. It might make the difference between
> IKEv2 and SIGMA, but not JFK. JFK is not just a key exchange protocol; it's
> a political movement.
> 
> Here's a question. Have the authors of JFK given any thought to how (if?)
> they will incorporate NAT-traversal? With IKEv2, the already completed
> drafts from IKEv1 can be presumably carried forward.
> 
That being said, how about we divert some of this energy to debating the
requirements doc:
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-son-of-ike-protocol-reqts-00.txt

The requirements do (I believe) talk about having to support NAT traversal
(as well as a few other things that JFK doesn't address). If we all agree to
the requirements, then we can continue debating whether JFK must add them.

jan
 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847