[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP null transforms

To: bretth@ca.newbridge.com, dharkins@cisco.com
Subject: Re: ISAKMP null transforms
From: Brett Howard <bretth@ca.newbridge.com>
Date: Tue, 18 Jun 1996 16:29:27 -0400
Cc: ipsec@TIS.COM
Sender: ipsec-approval@neptune.tis.com

Dan,

>I don't see the problem here. If you don't want to do AH you shouldn't worry
>about your peer getting any message about your ability to do it. The only
>thing your peer cares about is what you intend on doing-- how you intend
>on communicating.

Well, I'm not sure I agree.  When I send a list of transforms in some
order, I implicitly state both a list of capabilities (all members
on the list) and an ordering of preferences.  Not "wanting" to do
AH doesn't imply that I'm not "willing" to do it should my peer deem
it necessary.  I would like to say "I'd prefer no AH, but here's
what I'll accept in order of preference: blah blah".

>  The second phase of negotiation establishes security associations. There is
>no such thing as a "null" security association. You can't do AH with nothing,
>same for ESP.
>
>  Dan

True, but I'm suggesting that an accepted "null" AH proposal would be
identical to accepting a proposal with no AH.

Cheers,
Brett

Follow-Ups:

Re: ISAKMP null transforms

From: "C. Harald Koch" <chk@border.com>

Re: ISAKMP null transforms

From: Daniel Harkins <dharkins@cisco.com>

Prev by Date: adding port number to ISAKMP Internet DOI ID's
Next by Date: Re: UUNET Network Encryption Patents
Prev by thread: Re: ISAKMP null transforms
Next by thread: Re: ISAKMP null transforms
Index(es):
- Main
- Thread