[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call: IPSec DOI Proposed Standard

To: Avram Shacham <shacham@cisco.com>
Subject: Re: Last Call: IPSec DOI Proposed Standard
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Fri, 24 Apr 1998 14:28:30 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, "'iesg@ns.ietf.org'"<iesg@ietf.org>, ipsec@tis.com, ippcp@external.cisco.com
In-Reply-To: Avram Shacham's message of Thu, 23 Apr 1998 21:52:51 -0700,<3.0.2.32.19980423215251.006d74c0@pita.cisco.com>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

   Date: Thu, 23 Apr 1998 21:52:51 -0700
   From: Avram Shacham <shacham@cisco.com>

   Please do.  After all, six weeks ago the IESG approved the publication of
   IP Payload Compression Protocol (IPComp) _only_ as a Proposed Standard (but
   waiting for two IPSec docs.)  If future experience proves the IPCOMP
   Transform Identifiers range is too narrow, there is always room for
   improvements.

Actually, it will be much, much harder to change this in the future if
there are implementations which start assigning CPI's in the range
64-255.  This will prevent us from expanding the range in the future for
static transforms, since they will be used for dynamically assigned
values.

It's clear we will need to make a change to one or the other document,
both of which have been voted on and approved by the IESG (the IPSEC
documents modulo some fixups, including this one).

One compromise position that we might explore would involve putting text
in the IPSEC documents that reserve the range 64-255 for future
expansion, and so implementations MUST NOT assign CPI's in that range.
This at least gives us the opportunity to allow more "well-known"
transforms in the future.    What do people think about this?

You're right that with only four compression algorithms, this isn't a
big deal either way, and shouldn't be used to delay the documents.  On
the other hand, I can't think of any architectural justification to
artificially constrain the ability to expand the number space at this
point in time.  It'd be like the original IP designers saying that IP
addresses should be only 28 bits, instead 32, because surely we would
*never* need 2**28 addresses --- never mind that 4 bytes gives you 32
bits and the cost is the same whether you use 28 or 32 bits.

Taking the analogy back to IPPCP, if we have 1 full byte available to
us, why not use the whole 8 bits, instead of stopping at 6?  Surely we
can spare 192 dynamically assigned CPI's out of over 61,000.  (Note that
the compromise I suggested above reserves these 192 dynamically assigned
CPI's so that we have the option in the future to expand the range.)

							- Ted

Follow-Ups:

Re: Last Call: IPSec DOI Proposed Standard

From: Avram Shacham <shacham@cisco.com>

References:

Re: Last Call: IPSec DOI Proposed Standard

From: Avram Shacham <shacham@cisco.com>

Prev by Date: Re: How to select SPD
Next by Date: Re: Last Call: IPSec DOI Proposed Standard
Prev by thread: Re: Last Call: IPSec DOI Proposed Standard
Next by thread: Re: Last Call: IPSec DOI Proposed Standard
Index(es):
- Main
- Thread