Re: is manual keying mandatory

Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us> Wed, 18 March 1998 23:31 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id SAA09256 for ipsec-outgoing; Wed, 18 Mar 1998 18:31:21 -0500 (EST)
Message-Id: <199803182344.XAA14394@orchard.arlington.ma.us>
To: "IPSEC Mailing List (E-mail)" <ipsec@tis.com>
Subject: Re: is manual keying mandatory
In-reply-to: Your message of "Wed, 18 Mar 1998 13:51:35 -0800 ." <E301AC63A589D111B63100805F15808901000C18@red-msg-07.dns.microsoft.com>
Date: Wed, 18 Mar 1998 18:44:22 -0500
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

I feel strongly that manual keying should continue to be a MUST.

There are going to be some times when the full complexity of ISAKMP
won't be necessary; having manual keying universally available will
improve interoperability and configurability in those situations...

It also leaves more room for experimentation with new key
management techniques, since a new key management system can be
grafted on through the "manual" key management interface.

It's also useful in testing to ensure that the transforms, etc., are
in a position to really reject things like weak keys.

All in all, it makes for a more open, modular system.

						- Bill