Re: [IPsec] Secure Crash Discovery for IKEv2

To: Yoav Nir <ynir at checkpoint.com>
Subject: Re: [IPsec] Secure Crash Discovery for IKEv2
From: Tero Kivinen <kivinen at iki.fi>
Date: Tue, 9 Sep 2008 17:39:40 +0300
Cc: ipsec at ietf.org
Delivered-to: ietfarch-ipsec-web-archive at core3.amsl.com
Delivered-to: ipsec at core3.amsl.com
In-reply-to: <311F6EB1-0E39-45E7-A996-11297D10B99A at checkpoint.com>
List-archive: <http://www.ietf.org/pipermail/ipsec>
List-help: <mailto:ipsec-request@ietf.org?subject=help>
List-id: Discussion of IPsec protocols <ipsec.ietf.org>
List-post: <mailto:ipsec@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
References: <54B6B88E-C321-452D-9FAE-D9A48D6F3371 at checkpoint.com> <723A5136-6CBC-4DE9-8D08-AA2CAA943580 at checkpoint.com> <18630.32912.752863.589164 at fireball.kivinen.iki.fi> <311F6EB1-0E39-45E7-A996-11297D10B99A at checkpoint.com>
Sender: ipsec-bounces at ietf.org

Yoav Nir writes:
> Sure. Just like the RoHC-over-IPsec, also not an IPSECME WG item, is  
> also discussed here.

The RoHC-over-IPsec is ROHC WG item and is closing to its WG LG, so I
think now is the good time for the IPsec people to check out those.
The discussion was on both rohc and ipsec lists. The rohc items do
have higher priority than the secure crash discovery in my personal
todo list.

> Paul even said it was OK to discuss the non-WG  
> items that are related to IPsec as long as we don't hog all the  
> bandwidth.

Sure, but I just replied why I have not used time to think about the
problem yet. I have not yet even tought whether the problem really
exists, and what kind of solution is needed for it. Usually the
solution depends what is the real problem we are tring to solve. 

> Of course, opinions that there's not really a problem are  
> also welcome.

I have expressed that opinion too. See my email
http://www.ietf.org/mail-archive/web/ipsec/current/msg03009.html.

> So birth certificates are the solution to this non-existing problem?

Birth certificates might be solution to some problem, but as I am not
sure what problem we are solving, and I do not have time to start
really thinking this now, I cannot comment whether the problem exists
or whether birth certificates are solution to that problem. Others are
free to use time for this, I just expressed my opinion that it might
be better to first get some of the real wg items out and then think
the real problem we are trying to solve, i.e are we trying to recover
in less than 1, 10, 30 or 60 seconds (for 60 seconds we do not need
any changes to the protocol, just more clever implementations), are we
really trying to recover back to same gw (which means anything faster
than 60 seconds is wasted as the gateway most likely takes about 60
seconds to get up) or different gw and so on?
-- 
kivinen at safenet-inc.com
_______________________________________________
IPsec mailing list
IPsec at ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

References:
- [IPsec] Secure Crash Discovery for IKEv2
  - From: Yoav Nir
- Re: [IPsec] Secure Crash Discovery for IKEv2
  - From: Yoav Nir
- Re: [IPsec] Secure Crash Discovery for IKEv2
  - From: Tero Kivinen
- Re: [IPsec] Secure Crash Discovery for IKEv2
  - From: Yoav Nir

Prev by Date: Re: [IPsec] Secure Crash Discovery for IKEv2
Next by Date: [IPsec] Topics allowed on the mailing list
Previous by thread: Re: [IPsec] Secure Crash Discovery for IKEv2
Next by thread: [IPsec] Topics allowed on the mailing list
Index(es):
- Date
- Thread

Re: [IPsec] Secure Crash Discovery for IKEv2

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.