[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: minor Photuris changes

To: ipsec@ans.net
Subject: Re: minor Photuris changes
From: "William Allen Simpson" <bsimpson@morningstar.com>
Date: Fri, 8 Sep 95 14:13:54 GMT

> From: Hilarie Orman <ho@cs.arizona.edu>
> We've been looking at this some, and we feel that Photuris must have
> the class identifiers that ISAKMP uses.  Did your discussions get around
> to this?
>
We discussed the convoluted/layered class/sets et alia at some length,
and we concluded this is more of a implementation command processing
issue than a protocol issue.  It is much more rational for the
implementor to decide which are the few useful combinations of
attributes, than to have each user try to configure the correct classes
and sets of attributes in each environment.  Reduces the number of
points of interoperability failure.

Phil, Ran and I all deemed that there were too many variable layerings,
although Phil is even more conservative than I am on this topic.
Experience has shown that this is very difficult for many implementors
to handle correctly.  As the IP length versus UDP length, PPP packet
length versus sum of option lengths, etc, showed us in the past.

Therefore, Photuris indicates in the Appendix which attributes are
useful for which operations (an addition I made between drafts 00 and 01
at the request of a WG member).  Perhaps more text could be provided for
implementation notes?  I will try to add more detail in the next draft.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2

Prev by Date: possible AH & IPv4 compromise
Next by Date: Blocks of SPIs
Prev by thread: minor Photuris changes
Next by thread: possible AH & IPv4 compromise
Index(es):
- Main
- Thread