RE: iSCSI Security rough consensus

[Bernard Aboba <aboba@internaut.com>]

> I think this is a case of yet another group of people
> looking at IKE and developing indigestion.  I would
> support Bernard's comment above that this ought to be
> done once in a general fashion that's useful to other
> applications provided that it can actually get done
> without pulling back in most of IKE's functionality
> as "nice to have" -- that's "son of IKE"'s job :-).
> 

Judging by behavior, the symptoms of  "IKE indigestion" seem to be
spreading. These include both a yearning for a replacement to IKE
(e.g. KINK, SRP, etc.) as well as desires for additions/changes to IKE,
primarily to support legacy authentication (XAUTH, CRACK, Hybrid). 
Originally, the symptoms were confined to the IPSRA WG, but now they have
appeared in IPS WG. If this is a true epidemic, I'd expect the emergency
rooms to start filling up around now. 

Unfortunately, "son of IKE" is not really going to be a more functional
IKE, but a "better written IKE specification with some of the unused stuff
taken out." So in terms of functionality ommissions, the "son" will
inherent the sins of the father.