OPEN ISSUE: Standards Track
Charles E. Perkins
charliep at IPRG.nokia.com
Thu May 22 15:33:26 CEST 2003
Hello Keith,
Keith Moore wrote:
> > _nobody_ claims that AH and ESP were insecure because they
> > were standardized without key distribution.
>
> not insecure, just useless. and the fallback to bare IP _is_ insecure.
They weren't useless, because as Steve B. said, you could
use preconfigured keys. Do you really claim that's useless?
> I'd also claim that IPsec implementation in hosts is useless without an
> API that allows apps to determine the validity of their peers'
> credentials...
We can't boil the ocean all the time.
First the basic headers.
Then the key distribution.
Then the APIs.
If the basic headers were never published in a stable
document, I'll bet the whole process would stall and
_nothing_ would have gotten done.
> maybe this is another illustration that we don't really try to
> understand the full scope of the problem until it gets to IESG.
> and it's hardly surprising if IESG does a poor job of fixing that.
It's equally well an illustration that we can't boil
the ocean over and over again -- especially with new
people every time. We need to boil a few gallons first,
and then a few truckloads. Failure to publish is a
distinct impediment in the process, and I think that
timely publication of a stable Proposed Standard should
be a good initial step.
Regards,
Charlie P.
More information about the Problem-statement
mailing list