Re: User-level Authentication Mechanisms for IPsec

["Scott G. Kelly" <skelly@xxxxxxxxxxxx>]

Roy Pereira wrote:
> 
> > I'm not opposed to good solutions, but I am opposed to cobbling up vpn
> > market grabbers and then standardizing them. That's why I've squawked so
> > loud about xauth.
> 
> I think we all need to take a deep breath and relax.  We are all here to
> solve a specific problem and this kind of bashing isn't going to help us
> come to a single standard solution.  Which is exactly what our task is.
> Take your personal feelings home and beat up your cat instead.

I agree that bashing can be counterproductive, but I see no other way to
get through other than to be blunt, harsh though that may be.  You seem
intent upon ignoring all reasonable arguments which are contrary to
advancing these docs to RFCs. 

<trimmed...>

> Let's face it; we are all competitors here.  But we shouldn't confuse
> competitive reasons for technical ones. 

This is precisely my point, but I think your characterization is
misleading. You guys have released this "protocol" to your customers for
competitive reasons. All of us could have done the same at any time, but
many of us have chosen not to, pending a more thorough technical
evaluation (technical reasons). That evaluation is now occurring, and
there are a number of strong technical reasons for not standardizing
these mechanisms. Don't try to paint this as though you have some
technical edge, of which some of us are jealous; many of our products
accomplish these same feats in other perhaps better ways. This is not
about competition, it's about sound engineering practice.

Scott