Re: Draft Charter IPSEC WG
Steve,
You misunderstand the progress (or lack thereof) re SP3/4,
NLSP, etc. There is a key management protocol for use with SP3/4 and
there is at least one product sold which makes use of this protocol.
The delays in NLSP have a lot to do with the efforts of some folks to
shoehorn in connection-oriented protocol support, after SP3 was
designed for a connectionless environment. So, I think some of the
conclusions you are reaching re the importance of closely tied
development of key management protocol may be based on inaccurate
perceptions of what has happened with regard to the protocols you
cited.
On the other hand, I do believe that it is important to
have the net layer security protocol work done in close concert
with a key management effort. My only concern, as stated in my initial
message, is that we not get so focused that the resulting key
management protocol becomes usable ONLY for layer 3.
The key management infrastructure developed for PEM is usable
for the network layer, in an interactive context, but the way
certificates are used would be different (to accommodate the real time
exchange). Alternatively, one could develop an approach based on the
DH and subsequent RSA exchange Phil described. This needs to be
explored in a context larger than just the network layer
if we are to get maximum benefit from the resulting effort.
Steve
P.S. And yes, there has been substantial work in this area.