[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Position statement on IKE development



> Let's hold an international design competition to select a key 
> management protocol for IPSec in a manner similar to how NIST did
> the AES selection (although I hope it takes less than 5 years).
> Once we get to a final 5, then let's cryptanalyze them and select
> the best one.  In this manner hopefully we can avoid a 2nd debacle.

the worst of IKE's problems are not in the cryptography.

Besides the general complexity of encoding, there's also the matter of
robustness in the face of retransmissions, as well as loss of peer
state.  Not to mention flash crowds and flooding attacks..