[80875] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Crypto Disputes

daemon@ATHENA.MIT.EDU (David Wagner)
Fri May 30 18:02:58 1997

To: cypherpunks@cyberpass.net
From: daw@cs.berkeley.edu (David Wagner)
Date: 30 May 1997 14:21:25 -0700
Reply-To: daw@cs.berkeley.edu (David Wagner)

In article <1.5.4.32.19970529230949.00937498@pop.pipeline.com>,
John Young  <jya@pipeline.com> wrote:
>      For two years, the IETF Security Group has labored to
>      hammer out the IP Security (IPSec) protocol, a standard way
>      that businesses can open up an encrypted link to a trading
>      partner's network. [...]
> 
>      But an unresolved, bitter dispute over the technique for
>      automatically swapping keys over the 'Net - referred to as
>      key management - has resulted in two incompatible schemes
>      in the IPSec specification.
> 
>      In this battle of the acronyms, the debate centers on the
>      Simple Key Management for IP (SKIP), developed by Sun
>      Microsystems, Inc., and the Internet Secure Association Key
>      Management Protocol (ISAKMP), developed by the National
>      Security Agency. 

Heh.  This article is way behind the times.  (Either that, or the reporter
has been listening too closely to Sun marketing hype.)

ISAKMP/Oakley has been endorsed as the mandatory-to-support key management
standard for ipsec.  Proposals to make SKIP mandatory were explicitly rejected.

The bitter debate is over, and ISAKMP/Oakley won.

>                         The link is encrypted after authentication
>      by means of an X.509 digital certificate at an IPSec-based
>      firewall or gateway. 

Hoo boy is this reporter clueless!  Don't you believe it for even an instant.


home help back first fref pref prev next nref lref last post