[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ISAKMP null transforms

To: ipsec@TIS.COM
Subject: ISAKMP null transforms
From: Brett Howard <bretth@ca.newbridge.com>
Date: Tue, 18 Jun 1996 11:10:16 -0400
Sender: ipsec-approval@neptune.tis.com

In my understanding of ISAKMP, the proposal for ESP and AH are sent as a
list in order of preference.  Does it not make sense to define "null"
transform?  The rationale is this:

Suppose I wish to convey to my pier that I would like to communicate
with no AH; however, I am capable of communicating using an MD5 AH,
or, say SHA-1 AH.

As it is now, I don't see how to propose this.  I can propose no
AH transforms (true?), in which case my pier gets the wrong message
since it will think I *cannot* speak MD5; or I can propose MD5 and SHA-1
which again conveys the wrong message, since I'd really prefer no AH (and
how would this be differentiated from the case where I will not accept
anything less than, say, MD5?).

Note that this applies equally to ESP as it does to AH.

I believe being able to propose a "null" transform in each list could
solve this.

Have I missed something?

Thanks!
Brett

Follow-Ups:

Re: ISAKMP null transforms

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: Re: UUNET Network Encryption Patents
Next by Date: Re: UUNET Network Encryption Patents
Prev by thread: I-D ACTION:draft-ietf-ipsec-esp-des-md5-02.txt
Next by thread: Re: ISAKMP null transforms
Index(es):
- Main
- Thread