[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: doi-07/interoperability questions
In message <199803101941.OAA08443@carp.morningstar.com>, Ben Rogers writes:
>
> I'm not complaining about the current draft. In fact, I have
> implemented it. However, I found that sending either an AH-MD5 or an
> AH-SHA1 with the corresponding HMAC-MD5 or HMAC-SHA1 attribute was
> not accepted by many implementations, and only 3 or 4 others actually
> sent these transform payloads with the correct auth attribute.
I saw this too. In fact, we had to relax our policy configuration code to
interoperate with several other vendors for this exact reason. I agree with
Derrell that the standard is explicit on this. However, many vendors are
getting it wrong...
--
Harald
References: