doi-07/interoperability questions

[Ben Rogers <ben@Ascend.COM>]

At the bakeoff, we ran into the small problem of some recent changes to
the DOI document which caused many machines to be un-interoperable.
Namely, the AH Transform types have changed, and the attribute
requirements for AH transform payloads has also changed.  This caused a
problem because very few vendors (~3 or 4?) had actually implemented the
current draft while the interoperable majority was still working with
older code.  I hope someone can confirm that support for the new
document will be included in all production loads meeting the 15. March
deadline.

My other question centers on the use of Encapsulation Mode attributes in
combined (AND) proposal transforms.  Namely, it seems obvious that we
should support the case where both are transport mode (Case 1.3 in
section 4.5 of arch-sec), and not support the case where both are tunnel
(probably returning a BAD-PROPSAL-SYNTAX).  However, I'm not too clear
as to whether I should support mixed proposals.  My opinion is that it
makes sense to support AH (transport) and ESP (tunnel) with the
following encapsulation:

[IP2][AH][ESP][IP1][upper]

and to not support AH (tunnel) and ESP (transport).  Does anyone else
have any feelings on this matter?  Whatever we choose probably ought to
be added as clarifying text to [IPDOI].


ben

---

Follow-Ups:

• Re: doi-07/interoperability questions
• From: Robert Moskowitz <rgm-sec@htt-consult.com>
• Re: doi-07/interoperability questions
• From: "Derrell D. Piper" <ddp@network-alchemy.com>

---

• Prev by Date: Question about draft-ietf-ipsec-arch-sec-03.txt
• Next by Date: draft-ietf-ipsec-ciph-cbc-02.txt
• Prev by thread: Re: Question about draft-ietf-ipsec-arch-sec-03.txt
• Next by thread: Re: doi-07/interoperability questions
• Index(es):
  • Main
  • Thread