RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

[Robert Moskowitz <rgm-ietf at htt-consult.com>]

At 05:45 PM 3/26/98 -0800, JGC wrote:
>The issue that Greg brings up is very important.  My company relies on
>port information heavily for analysis of protocols and applications and
>if this information is obscured it becomes difficult to accurately
>report on the different applications that are running.
>
For this note, I am taking my co-chair hat off, and dusting off my now old
user hat (that Stetson was getting a little worn out ;).

>From as far back as Danvers IETF (yo Jim ;) we warned what IPsec would mean
to the Internet and called on other groups to start designing for IPsec
deployment.  Other than the beginnings from DIFSRV, there has been no
interaction.  In fact we recently had to call a special get together of
IPsec and CA developers to work out interoperablity between 2 security
components!

FOlks, the community has spent FIVE YEARS working on IPsec (from the first
swIPe work).  You all knew this was coming.  It is needed even if you have
above-transport security (TLS, SSH).  Once the APIs (PF_KEY, CDSA, etc)
link into IPsec, we amy see it as the predominate security methodlogy in
Intranets and Inter-company traffic.

It is time for the other IETF areas that IPsec will impact to get ready to
work with IPsec, not agan it.

It is almost as if some people were expecting IPsec to fail so they ignored
it....  :(