Re: draft-ietf-msdp-spec
In message <200304201736.h3KHaEa17229@windsor.research.att.com>, Bill Fenner writes:
>
>>Do you mean RFC 2385? The same option I'm writing an RFC deprecating,
>>because this doesn't seem to conform to the environment we're declaring
>>appropriate for it?
>
>Right. There's a real disconnect between the "use IPsec for new stuff"
>and "use TCP MD5 because we already have implementations" communities.
>IPsec with static keys (which is all that we could probably expect
>implementation of, let alone deployment) doesn't really give you that
>much more than TCP MD5.
>
>The MSDP WG was torn between specifying something that they didn't feel
>that anyone would implement (IPsec) and something that they knew that
>the IESG would not particularly approve of (TCP-MD5). The Routing Area
>directors at the time had no real direction to give.
>
I'm surprised you didn't use TLS -- it would seem to be a natural
choice.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)