On Wed, July 27, 2011 10:49 pm, Yaron Sheffer wrote:
> Unfortunately Dan cannot accept that there may be objective, non
> political reasons for the group not to adopt his work. Which is the
> reason why three alternative proposals were published several months
> after his proposed PAKE solution.

  Well there certainly wasn't a technical reason. In fact, after
delaying things for several months what we ended up with were 3
drafts that were effectively _identical_ from a technical point of view.
That is the prime reason that the group (and later the AD) could not
agree on which one to choose.

> As co-chairmen of ipsecme, Paul and I did our best to get the group to
> agree on a single solution, to the point where we both supported Dan's
> criteria for selecting such a solution. Unfortunately we failed: while
> the group supported a PAKE in IKEv2 "in the abstract", there was not
> enough energy to pick a single protocol for this purpose.

  You are on the record opposing PAKE from the start. It seems that
your "best" is best exemplified by your treatment of your own draft
which whisked through the group on to the standards track with no working
group input or, apparently, interest. PAKE got delayed (by you) and
ultimately killed for lack of interest even though there were emails on
the list discussing the 3 drafts.

> Back to the matter at hand: I am opposed to
> draft-kivinen-ipsecme-secure-password-framework. It has served its
> purpose when two of the proposals were changed to add method
> negotiation, and thus enable IKE peers to implement none, one or more of
> these methods. I believe the other justifications for this draft,
> including the preservation of IANA IKEv2 namespaces, are bogus. Adopting
> the rest of the framework would be a useless exercise.

  Speaking as an implementer, this is not a useless exercise. If one
must implement > 1 of these PAKE schemes having them inside of this
framework simplifies things.

> Personally, given that all three current proposals are being advanced as
> Experimental outside the WG, I would argue that we are wasting far too
> much energy on this grand unified framework. And this includes the
> current mail exchange.

  Then don't update your draft! Let it expire and go where dead drafts
go.

  Dan.


_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
