Re: Results of the IPSEC document reading party

[Tero Kivinen <kivinen@ssh.fi>]

John Burke writes:
> Is this in fact consensus?  I.e. that you're not allowed to use two
> Proposals in an ISAKMP-SA offer, but must use one with multiple Transforms.

If you have to use only one proposal that have one protocol (isakmp)
inside it, then you cannot make interoperable extension to isakmp and
add new protocol that can be used in combination or instead of isakmp
protocol.

I think it would be good idea to leave the protocol so that it can be
extended later easily in such way that new and old implementations can
still interoperate without knowning whether the other end supports
that new extension.

If old version gets proposal that has any other protocol than isakmp
it rejects that proposal and if we allow multiple proposals then it
can try to check if the next proposal is for backward compatibility
(only isakmp protocol).

> Our implementation accepts offers structured either way; in offers which we
> send, the structure can be explicitly configured either way.  As things

So does our implementation. 
-- 
kivinen@iki.fi		              	     Work : +358-9-4354 3205
Magnus Enckellin kuja 9 K 19, 02610, Espoo   Home : +358-9-502 1573

---

References:

• Re: Results of the IPSEC document reading party
• From: John Burke <jburke@cylink.com>

---

• Prev by Date: AH handling of options
• Next by Date: Re: User Authentication for home-office scenario
• Prev by thread: Re: Results of the IPSEC document reading party
• Next by thread: Re: Results of the IPSEC document reading party
• Index(es):
  • Main
  • Thread