[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: doi-07/interoperability questions

To: ben@Ascend.COM (Ben Rogers)
Subject: Re: doi-07/interoperability questions
From: "C. Harald Koch" <chk@utcc.utoronto.ca>
Date: Tue, 10 Mar 1998 18:20:38 -0500
cc: "Derrell D. Piper" <ddp@network-alchemy.com>, ipsec@tis.com
In-reply-to: ben's message of "Tue, 10 Mar 1998 14:41:39 -0500". <199803101941.OAA08443@carp.morningstar.com>
References: <199803101550.KAA08137@carp.morningstar.com> <199803101927.LAA06845@drawbridge.ascend.com> <199803101941.OAA08443@carp.morningstar.com>
Sender: owner-ipsec@ex.tis.com

In message <199803101941.OAA08443@carp.morningstar.com>, Ben Rogers writes:
> 
> I'm not complaining about the current draft.  In fact, I have
> implemented it.  However, I found that sending either an AH-MD5 or an
> AH-SHA1 with the corresponding HMAC-MD5 or HMAC-SHA1 attribute was
> not accepted by many implementations, and only 3 or 4 others actually
> sent these transform payloads with the correct auth attribute.

I saw this too. In fact, we had to relax our policy configuration code to
interoperate with several other vendors for this exact reason. I agree with
Derrell that the standard is explicit on this. However, many vendors are
getting it wrong...

-- 
Harald

References:

doi-07/interoperability questions

From: Ben Rogers <ben@Ascend.COM>

Re: doi-07/interoperability questions

From: Ben Rogers <ben@Ascend.COM>

Prev by Date: Re: doi-07/interoperability questions
Next by Date: ISAKMP-09 Changes
Prev by thread: Re: doi-07/interoperability questions
Next by thread: RE: doi-07/interoperability questions
Index(es):
- Main
- Thread