[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: comments on ...isakmp-mode-cfg-02
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Scott" == Scott G Kelly <skelly@redcreek.com> writes:
Scott> The fact of the matter is that if the IPsec suite is to continue
Scott> to grow and improve, implementations will be (temporarily) broken
Scott> now and then. You might be able to make an argument for hacking
Yes, I agree.
My proposed vendor ID allows a single vendor to deploy any number of
extensions without having to break interoperability with other vendors.
I propose that when it comes to writing up new drafts, we will be writing
up ISAKMP v1.1. It isn't clear to me what to do when a responder receives
a packet with a minor version that is *greater* than its own. I think that
one should turn around and initiate with a packet containing major/minor
that one can work with. I.e. the initiator's packet is just "lost", but an
ISAKMP SA is setup.
[hmm. WAIT:
o Minor Version (4 bits) - indicates the minor version of the ISAKMP
protocol in use. Implementations based on this version of the ISAKMP
Internet-Draft MUST set the Minor Version to 0. Implementations
***
based on previous versions of ISAKMP Internet-Drafts MUST set the
Minor Version to 1. Implementations SHOULD never accept packets with
***
a minor version number larger than its own, given the major version
numbers are identical.
Isn't the 0/1 minor numbers reversed? Previous == 1, current = 0?]
Scott> something in temporarily, but when you start going to the trouble
Scott> of writing drafts, why not design it right?
I think we are pretty close.
:!mcr!: | Sandelman Software Works Corporation, Ottawa, ON
Michael Richardson |Network and security consulting and contract programming
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNQ8W+9iXVu0RiA21AQGKeQL9E6FqTNCM80GOc1KUEgtWDK+B9bzZwkOc
jqZf2rc+kp5po7QAW2Waf7eD5XesZJm5GWgDgrl4bxiFd0S7SG9UY+TwZ2NbO4sG
Xn9tMMgznmSAHC47gT5/o+jKd1zcupBV
=C6xe
-----END PGP SIGNATURE-----
Follow-Ups: