
Re: ANX bakeoff ISAKMP issues



>> No 'HMAC Algorithm' attribute should be sent when negotiating AH.
>> This is redundant, since the same information is presented in the
>> transform ID.
>
>Agreed. The DOI talks about this attribute in conjunction with ESP but
>I guess it should be more explicit.

I'll argue that it's not redundant because the base AH transform ID is
simply AH_MD5 or AH_SHA.  If we make this change, we'd have to define new
transform IDs if we ever decide to use something other than HMAC.  There's
also something to be said for keeping the AH and ESP definitions symmetric.

Nonetheless, if there's a consensus that this is overly complicated, I'll
remove the mandatory AH attribute statement in the next version of the DOI.

Derrell

