
Re: "Transforms" per se going away?



Dan McDonald wrote:
> *I* was under the impression that with the next round of base document
> updates, the IPsec headers would move away from the "transform" concept, and
> into a "pick an item off the checklist" concept.  

[example snipped]

> PLEASE NOTE RIGHT NOW THAT THIS WILL NOT CHANGE THE BITS ON THE WIRE WHICH
> ARE ALREADY WELL-DEFINED, AND WORKING IN MANY PEOPLE'S CODE!  (Pardon my
> shouting, that's a very important property though.)

It will change many working ISAKMP implementations which also put bits on
the wire in a well-defined manner. Doing away with the transform and making 
everything an attribute will change existing payloads and the way payloads 
are constructed and processed. Not that this is necessarily a bad thing, 
just that these changes are not completely editorial and everyone needs to 
understand that.

  Dan.

-------------------------------------------------------------------------------
Dan Harkins                                |   E-mail:  dharkins@cisco.com
Network Protocol Security, cisco Systems   |   phone:   +1 (408) 526-5905
170 W. Tasman Drive                        |   fax:     +1 (408) 526-4952
San Jose, CA 95134-1706, U.S.A.            |   ICBM:    37.45N, 122.03W
-------------------------------------------------------------------------------
For your safety and the safety of others: concealed carry, and strong crypto
-------------------------------------------------------------------------------


