William Allen Simpson <[EMAIL PROTECTED]> writes: >So, where is the community to replace ISAKMP with something more robust?
Already happened, unfortunately it's diverged into three different branches: - VPN hardware vendors replaced it with "management tunnels", typically things like single-DES-encrypted backdoors with no message integrity or message flow integrity protection and 8-character uppercase-only passwords. - Open source folks replaced it with OpenVPN. - The remaining user base replaced it with on-demand access to network engineers who come in and set up their hardware and/or software for them and hand-carry the keys from one endpoint to the other. I guess that's one key management model that the designers never anticipated... I wonder what a good name for this would be, something better than the obvious "sneakernet keying"? Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
