
Re: Last call and the DOI



Ben,

The DOI doesn't intend to say that you must use that combination together,
it's saying that you have to support that combination to be compliant.
Section 4.5 further talks about the use of Auth with ESP_NULL:

         Authentication Algorithm
           RESERVED                0
           HMAC-MD5                1
           HMAC-SHA                2
           DES-MAC                 3
           KPDK                    4

           Values 5-61439 are reserved to IANA.  Values 61440-65535 are
           for private use.

           There is no default value for Auth Algorithm, as it must be
           specified to correctly identify the applicable AH or ESP
           transform, except in the following case.

           When negotiating ESP without authentication, the Auth
           Algorithm attribute MUST NOT be included in the proposal.

           When negotiating ESP without confidentiality, the Auth
           Algorithm attribute MUST be included in the proposal and
           the ESP transform ID must be ESP_NULL.

I'll certainly try to further clarify this in a subsequent revision, but I'd
appreciate some explicit suggestions on additional wording, as it seems okay
to me as it is...

Derrell
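
The negotiation rules quoted above from Section 4.5, as an added example that is not part of the original message or of the DOI: a Python check of one AH or ESP transform against them. The function names, the use of strings for the protocol and transform ID, and the policy of rejecting RESERVED and unassigned values are assumptions made for the illustration.

```python
from typing import List, Optional

# Authentication Algorithm values as listed in the quoted Section 4.5 text.
AUTH_ALGS = {1: "HMAC-MD5", 2: "HMAC-SHA", 3: "DES-MAC", 4: "KPDK"}


def classify_auth_alg(value: int) -> str:
    """Map an Auth Algorithm value onto the ranges given in the quoted text."""
    if value in AUTH_ALGS:
        return AUTH_ALGS[value]
    if value == 0:
        return "RESERVED"
    if 5 <= value <= 61439:
        return "reserved to IANA"
    if 61440 <= value <= 65535:
        return "private use"
    return "out of range"


def check_transform(protocol: str, transform_id: str,
                    auth_alg: Optional[int]) -> List[str]:
    """Return the rule violations for one AH or ESP transform.

    protocol is "AH" or "ESP"; transform_id is the transform's name;
    auth_alg is the Auth Algorithm attribute value, or None when the
    attribute is absent from the proposal (hypothetical representation).
    """
    errors = []
    if protocol == "AH" and auth_alg is None:
        errors.append("AH: Auth Algorithm has no default and must be specified")
    # ESP_NULL provides no confidentiality, so accepting it without an
    # Auth Algorithm would leave the traffic with no protection at all.
    if protocol == "ESP" and transform_id == "ESP_NULL" and auth_alg is None:
        errors.append("ESP_NULL: Auth Algorithm MUST be included")
    if auth_alg is not None:
        kind = classify_auth_alg(auth_alg)
        # Assumption: RESERVED, unassigned and out-of-range values are
        # rejected; private-use values pass for peers that agreed on them.
        if kind in ("RESERVED", "reserved to IANA", "out of range"):
            errors.append(f"Auth Algorithm {auth_alg} is {kind}")
    return errors


if __name__ == "__main__":
    # Constructed sample transforms, not taken from any real negotiation.
    for sample in [("ESP", "ESP_NULL", None), ("ESP", "ESP_NULL", 1),
                   ("ESP", "ESP_DES", None), ("AH", "AH_MD5", None)]:
        print(sample, "->", check_transform(*sample) or "ok")
```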

