Re: Re: [ssm] SSM with IPSec

[Toerless Eckert <eckert@cisco.com>]

On Wed, Jan 15, 2003 at 11:48:22AM -0500, Hugh Holbrook wrote:
> 
> I agree with you, and I didn't mean to imply that this was an SSM-only
> problem.  NTP is a good example of an ASM app that has the same
> problem.  The fact that this problem occurs with ASM is a complicating
> factor in determining the right solution (which is a major reason that
> I don't want to tackle it in SSM).

I don't yet understand the details of the key management yet, but
correct me if i'm wrong: Wouldn't a solution with channel-only
support (eg: SSM only) be able to be much easier than one that
needs to support a multi-source group concept ? Given that simplicity
is one key argument for SSM, it would be good if the security solution
in support of SSM was not necessarily encumbered by additional
complexity only required for ASM. Eg: probably have two approaches,
one that will only work with SSM and one which will work for ASM
but of course also SSM.

Wrong line of thought ?
_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm