
Re: Comments on ipsec-arch-sec-01.txt



>   Requiring that the tunnel/transport-mode distinction be part of the SA
>   will break several existing implementations that my employer is using.
>   It also goes against the grain of not changing the specification in a way
>   that makes existing conforming implementations non-conforming.  I would
>   also request that it be deleted as a mandatory or recommended SA attribute.

Many of the interoperable ISAKMP/Oakley implementations here at the ANX are
using the encapsulation mode attribute to negotiate tunnel/transport mode.
Though not mandated by the current IPSEC DOI, most of us have implemented
this attribute and find it quite useful to know a priori whether we're
negotiating transport or tunnel mode.  You'll note that the DOI does *not*
mandate this attribute precisely because you (and others) raised objections
to doing so way back when.  However there are many of us who find this
attribute useful and I doubt there is consensus to remove it from the DOI.

Derrell
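
The following is an added example, not part of the original message and not code from any implementation it mentions. It sketches how a receiver can read the optional encapsulation mode attribute out of a proposal's SA attributes and tell "not sent" apart from tunnel or transport. The attribute number (4), its values (1 = tunnel, 2 = transport) and the TV/TLV attribute encoding are taken from the published IPsec DOI and ISAKMP documents (RFC 2407, RFC 2408) rather than from this thread; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Numbers from RFC 2407 section 4.5; they are not stated in the message above.
ENCAPSULATION_MODE = 4
MODES = {1: "tunnel", 2: "transport"}
AF_BASIC = 0x8000  # ISAKMP attribute-format bit: set = TV (2-byte value), clear = TLV


def parse_attributes(data):
    """Yield (type, value) pairs from a run of ISAKMP data attributes."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", data, off)
        off += 4
        if head & AF_BASIC:
            yield head & 0x7FFF, field  # TV form: second field is the value
        else:
            if len(data) - off < field:  # TLV form: second field is a length
                raise ValueError("attribute length exceeds payload")
            yield head, int.from_bytes(data[off:off + field], "big")
            off += field


def encapsulation_mode(data):
    """Return 'tunnel', 'transport', or None when the attribute is absent."""
    mode = None
    for atype, value in parse_attributes(data):
        if atype != ENCAPSULATION_MODE:
            continue
        if value not in MODES:
            raise ValueError(f"unknown encapsulation mode {value}")
        if mode is not None and mode != MODES[value]:
            raise ValueError("conflicting encapsulation mode attributes")
        mode = MODES[value]
    # None means the peer did not send the attribute (it is optional),
    # so the caller has to fall back to its own local policy.
    return mode


# Constructed sample: life type (TV), life duration 28800 (TLV), then mode.
LIFETIME = bytes.fromhex("80010001" "00020004" "00007080")
WITH_TUNNEL = LIFETIME + bytes.fromhex("80040001")
WITH_TRANSPORT = LIFETIME + bytes.fromhex("80040002")

if __name__ == "__main__":
    for name, blob in [("tunnel", WITH_TUNNEL), ("absent", LIFETIME)]:
        print(name, "->", encapsulation_mode(blob))
```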

