[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ANX bakeoff ISAKMP issues

>> No 'HMAC Algorithm' attribute should to be sent when negotiating AH.
>> This is redundent, since the same information is presented in the
>> transform ID.
>Agreed. The DOI talks about this attribute in conjunction with ESP but
>I guess it should be more explicit.

I'll argue that it's not redundant because the base AH transform ID is
simply AH_MD5 or AH_SHA.  If we make this change, we'd have to define new
transform ID's if we ever decide to use something other than HMAC.  There's
also something to be said for keeping the AH and ESP definitions symmetric.

Nonetheless, if there's a concensus that this is overly complicated, I'll
remove the mandatory AH attribute statement in the next version of the DOI.