Re: Re: Re: [ssm] SSM with IPSec

[Hugh Holbrook <holbrook@cisco.com>]

I'm not sure.

I think it will be somewhat easier but I suspect not "much easier" to
do an SSM-only solution.  But I don't know and I'm waiting to see the
msec proposal.  I do think it would be prudent to take your points
under consideration when looking at the msec proposal, though.

-Hugh

> Date: Wed, 15 Jan 2003 09:11:37 -0800
> From: Toerless Eckert <eckert@cisco.com>
> Cc: Brad Huntting <huntting@glarp.com>, ssm@ietf.org,
> 	mbaugher@cisco.com, bew@cisco.com
> 
> On Wed, Jan 15, 2003 at 11:48:22AM -0500, Hugh Holbrook wrote:
> > 
> > I agree with you, and I didn't mean to imply that this was an SSM-only
> > problem.  NTP is a good example of an ASM app that has the same
> > problem.  The fact that this problem occurs with ASM is a complicating
> > factor in determining the right solution (which is a major reason that
> > I don't want to tackle it in SSM).
> 
> I don't yet understand the details of the key management yet, but
> correct me if i'm wrong: Wouldn't a solution with channel-only
> support (eg: SSM only) be able to be much easier than one that
> needs to support a multi-source group concept ? Given that simplicity
> is one key argument for SSM, it would be good if the security solution
> in support of SSM was not necessarily encumbered by additional
> complexity only required for ASM. Eg: probably have two approaches,
> one that will only work with SSM and one which will work for ASM
> but of course also SSM.
> 
> Wrong line of thought ?

_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm