[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMP: Issues

To: John Burke <jburke@cylink.com>
Subject: Re: ISAKMP: Issues
From: "Derrell D. Piper" <ddp@network-alchemy.com>
Date: Fri, 27 Feb 1998 19:26:16 -0800
cc: wdm@epoch.ncsc.mil, ipsec@tis.com
In-reply-to: Your message of "Fri, 27 Feb 1998 15:17:30 PST." <3.0.32.19980227151729.009f0ac0@192.43.161.2>
Sender: owner-ipsec@ex.tis.com

>What is the argument for trashing the message?  Leave it unless there is a
>strong such argument.

It seems to me that if an Key Negotiation protocol that purports to be
providing enhanced security receives a malformed message (i.e. the code on the
other end "got it wrong"), that the prudent thing to do is to refuse the
negotiation under the assumption that the other end probably got other things
wrong too.  If you can't figure out the size of the message you're sending,
how are you ever going to parse the proposals?  :-)

That's one argument, the other is, perhaps, religious.  Without stringent
checking of MBZ and the like in wire protocols, it's that much harder to
extend them in the future.

Derrell

Follow-Ups:

Re: ISAKMP: Issues

From: Matt Thomas <matt@ljo.dec.com>

References:

Re: ISAKMP: Issues

From: John Burke <jburke@cylink.com>

Prev by Date: Re: IPSEC WORKING GROUP LAST CALL
Next by Date: Re: IPSEC WORKING GROUP LAST CALL
Prev by thread: Re: ISAKMP: Issues
Next by thread: Re: ISAKMP: Issues
Index(es):
- Main
- Thread