
Re: Versions

Bill,

I'll go along with the idea that both a version number and a
protocol ID will give you enough information to demultiplex
different (versions of) protocols.   The only differences between
the two that I can think of are:

1) The numbers come out of a different number space.  This results
   in a different level of control over being able to change/adapt.

2) The recipient of a new version of an IPSP protocol packet will interpret
   an unsupported packet differently.  In one case the packet will be
   interpreted as an IPSP packet with an unsupported SAID.  The other
   case is that IP will receive a packet and be unable to determine the
   next protocol (i.e., IP won't be able to determine if this is a
   security protocol, or anything else).

3) One results in changing the IP code space, the other results in
   changing the IPSP code space. 

I'm not sure as to the importance of these points.  1) seemed to be
the primary factor at the IPSEC meeting for having a version number
instead of using new protocol numbers. 2) is an interesting observation,
and what is done with the implied information could fall into a 
management issue.  The initial result is the same (i.e., the packet
is dropped), but the overall result might be different depending on
how that information could be used.  3) is trivial in a BSD OS environment
where users can recompile their kernels; it might not be trivial in a
more proprietary OS.

Along these lines, I'd prefer the version number.  I agree with Perry,
I'd like to see more discussion on this.

Rob G.
glenn@osi.ncsl.nist.gov
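An added example, not part of Rob's post, that models the two demultiplexing designs he compares in point 2: under one design a single protocol number reaches the IPSP code, which can then report an unsupported version and the SAID; under the other a new protocol number per version is dropped by IP, which only knows that the number is unknown. The protocol numbers, the IPSP header layout and the SAID value are constructed assumptions, not values from the post or any specification.

```python
import struct

# Constructed, hypothetical values for illustration only.
PROTO_IPSP = 200            # design A: one number, version carried in the IPSP header
PROTO_BY_VERSION = {1: 200, 2: 201}  # design B: a fresh protocol number per version
SUPPORTED_VERSIONS = {1}    # this host implements only IPSP version 1

def build_ipsp(version, said, data):
    """Hypothetical IPSP header: 1-byte version, 3 reserved bytes, 4-byte SAID."""
    return struct.pack("!B3xI", version, said) + data

def ipsp_receive(packet):
    """IPSP layer: it knows this is a security protocol packet, so the drop
    reason can name the version and SAID it could not handle."""
    version, said = struct.unpack("!B3xI", packet[:8])
    if version not in SUPPORTED_VERSIONS:
        return ("dropped", "ipsp", f"unsupported version {version}, SAID {said:#x}")
    return ("delivered", "ipsp", f"version {version}, SAID {said:#x}")

def ip_receive(proto, packet, handlers):
    """IP layer: dispatches on the protocol number alone; an unregistered
    number is opaque, so IP cannot tell a security protocol from anything else."""
    handler = handlers.get(proto)
    if handler is None:
        return ("dropped", "ip", f"unknown protocol {proto}")
    return handler(packet)

# Both designs register only the code this host actually has (version 1).
HANDLERS = {PROTO_IPSP: ipsp_receive}

def compare_designs(version, said=0x1234):
    """Return (design A result, design B result) for one received packet."""
    pkt = build_ipsp(version, said, b"payload")
    design_a = ip_receive(PROTO_IPSP, pkt, HANDLERS)
    design_b = ip_receive(PROTO_BY_VERSION[version], pkt, HANDLERS)
    return design_a, design_b

if __name__ == "__main__":
    for v in (1, 2):
        a, b = compare_designs(v)
        print(f"version {v}: design A -> {a}; design B -> {b}")
```

For a version 2 packet both designs drop it, but only design A's drop record carries the version and SAID that a management or logging layer could act on.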