[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "Transforms" per se going away?
Dan McDonald wrote:
> *I* was under the impression that with the next round of base document
> updates, the IPsec headers would move away from the "transform" concept, and
> into a "pick an item off the checklist" concept.
[example snipped]
> PLEASE NOTE RIGHT NOW THAT THIS WILL NOT CHANGE THE BITS ON THE WIRE WHICH
> ARE ALREADY WELL-DEFINED, AND WORKING IN MANY PEOPLE'S CODE! (Pardon my
> shouting, that's a very important property though.)
It will change many working ISAKMP implementations which also put bits on
the wire in a well-defined manner. Doing away with the transform and making
everything an attribute will change existing payloads and the way payloads
are constructed and processed. Not that this is necessarily a bad thing,
just that these changes are not completely editorial and everyone needs to
understand that.
Dan.
-------------------------------------------------------------------------------
Dan Harkins | E-mail: dharkins@cisco.com
Network Protocol Security, cisco Systems | phone: +1 (408) 526-5905
170 W. Tasman Drive | fax: +1 (408) 526-4952
San Jose, CA 95134-1706, U.S.A. | ICBM: 37.45N, 122.03W
-------------------------------------------------------------------------------
For your safety and the safety of others: concealed carry, and strong crypto
-------------------------------------------------------------------------------
References: