1997-05-30 - Re: Crypto Disputes

Header Data

From: daw@cs.berkeley.edu (David Wagner)
To: cypherpunks@cyberpass.net
Message Hash: c3c416b8c34c9f3dfe0d3448c785d64acbd558d1cfbb5a234798bb5ed87bd095
Message ID: <5mngcl$4e7@joseph.cs.berkeley.edu>
Reply To: <1.5.4.32.19970529230949.00937498@pop.pipeline.com>
UTC Datetime: 1997-05-30 21:33:46 UTC
Raw Date: Sat, 31 May 1997 05:33:46 +0800

Raw message

From: daw@cs.berkeley.edu (David Wagner)
Date: Sat, 31 May 1997 05:33:46 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Crypto Disputes
In-Reply-To: <1.5.4.32.19970529230949.00937498@pop.pipeline.com>
Message-ID: <5mngcl$4e7@joseph.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


In article <1.5.4.32.19970529230949.00937498@pop.pipeline.com>,
John Young  <jya@pipeline.com> wrote:
>      For two years, the IETF Security Group has labored to
>      hammer out the IP Security (IPSec) protocol, a standard way
>      that businesses can open up an encrypted link to a trading
>      partner's network. [...]
> 
>      But an unresolved, bitter dispute over the technique for
>      automatically swapping keys over the 'Net - referred to as
>      key management - has resulted in two incompatible schemes
>      in the IPSec specification.
> 
>      In this battle of the acronyms, the debate centers on the
>      Simple Key Management for IP (SKIP), developed by Sun
>      Microsystems, Inc., and the Internet Secure Association Key
>      Management Protocol (ISAKMP), developed by the National
>      Security Agency. 

Heh.  This article is way behind the times.  (Either that, or the reporter
has been listening too closely to Sun marketing hype.)

ISAKMP/Oakley has been endorsed as the mandatory-to-support key management
standard for ipsec.  Proposals to make SKIP mandatory were explicitly rejected.

The bitter debate is over, and ISAKMP/Oakley won.

>                         The link is encrypted after authentication
>      by means of an X.509 digital certificate at an IPSec-based
>      firewall or gateway. 

Hoo boy is this reporter clueless!  Don't you believe it for even an instant.





