The IETF prides itself on an open process, and I would expect such a
review to take place in an open and documented manner. Even if the
bottom line is, "they are all the same". A named individual should take
responsibility for the outcome.
And if vendors are so interested in a PAKE solution, well they could
always sponsor a starving cryptographer for a few days' work, for the
benefit of the community. In fact I can think of at least one VPN vendor
who actually employs cryptographers.
Thanks,
Yaron
On 08/03/2011 09:07 PM, Yoav Nir wrote:
On Aug 3, 2011, at 8:09 PM, Yaron Sheffer wrote:
Hi Yoav,
as a coauthor on one of these documents, I find your proposal below
positively insulting. There were three author teams, and you should give
them credit for having rational reasons for publishing these documents
and moving them through the IETF progress.
Rolling a dice is a lazy solution that wouldn't result in an outcome we
can justify. OTOH, an open cryptographic review of the three options
most certainly would.
The way I've heard it, such a review did take place without the desired results.
Managers sometimes need to make decisions even without complete knowledge. And
in such cases that decision can seem to be based on a hunch or rolling the die.
It's better than this decision not to decide, because it shifts the burden to
developers.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
