[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A pothole in ISAKMP/Oakley

To: pau@watson.ibm.com
Subject: Re: A pothole in ISAKMP/Oakley
From: Daniel Harkins <dharkins@cisco.com>
Date: Tue, 15 Apr 1997 13:49:47 -0700
Cc: piper@cisco.com, ipsec@tis.com
In-Reply-To: Your message of "Tue, 15 Apr 1997 15:58:33 EDT." <9704151958.AA22946@secpwr.watson.ibm.com>
Sender: owner-ipsec@ex.tis.com

  Pau-Chen,

> This is a 2-line change to the ISAKMP-OAKLEY doc.
> As for the code, the current doc requires the code to take the SPI value
> from the PROPOSAL payload header when computing Quick Mode KEYMAT.
> The proposed change requires the code to also take the "Protocol-ID"
> value from the SAME PROPOSAL payload header when computing Quick Mode KEYMAT.
> I don't think that is a difficult change.

  The size of the change isn't the issue, it's the merit of the change.
Another way of looking at this is that we're changing the document to 
accomodate incorrect implementations (monotonically increasing a counter to
generate a SPI is probably unwise regardless of this pothole). In that light, 
is this change meritorious?

  Personally, I'm in favor of this change but I'd like to note that the
cement is drying on this document. If we have some consensus that this is
really a problem that really needs to be addressed it can be changed, but
I'd like to avoid what is becoming an even bigger problem: document creep.

  Dan.

References:

Re: A pothole in ISAKMP/Oakley

From: pau@watson.ibm.com

Prev by Date: Re: A pothole in ISAKMP/Oakley
Next by Date: Re: Another pothole in ISAKMP/Oakley
Prev by thread: Re: A pothole in ISAKMP/Oakley
Next by thread: Re: A pothole in ISAKMP/Oakley
Index(es):
- Main
- Thread