[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue concerning P1 ID port/protocol and Interop Testing
- To: IETF IPSEC <ipsec@tis.com>
- Subject: Re: Issue concerning P1 ID port/protocol and Interop Testing
- From: Will Fiveash <will@austin.ibm.com>
- Date: Thu, 8 Oct 1998 13:23:06 -0500
- In-Reply-To: <199810072127.XAA17909@waldorf.appli.se>; from Niklas Hallqvist on Wed, Oct 07, 1998 at 11:27:26PM +0200
- Mail-Followup-To: IETF IPSEC <ipsec@tis.com>
- References: <19981007135652.A24312@austin.ibm.com> <199810072127.XAA17909@waldorf.appli.se>
- Sender: owner-ipsec@ex.tis.com
On Wed, Oct 07, 1998 at 11:27:26PM +0200, Niklas Hallqvist wrote:
>
> Just to fill in: I had exactly the same problem. I mentioned it to
> Tero and he said that he interpreted the draft like that (although I
> don't see how to do that) which leads to the conclusion, that the
> drafts does not seem to be very well phrased. I did not report it
> here as I have seen messages saying it's too late this time 'round.
After reading the responses so far to my previous mail note, I get the
impression that there is some confusion regarding P1 ID protocol/port
values. My feeling is that I should implement IKE on AIX such that it
sends 0/0 when initiating but ignores these fields when responding
(conservative in sending, liberal in receiving). This would make it
easier on customers trying to inter-operate with the various flavors of
IKE. The thing that concerns me about this is whether this behavior
would count against us when organizations like ISCA test IKE for
certification purposes. Anyone have an opinion on this?
--
Will Fiveash
IBM AIX System Development Internet: will@austin.ibm.com
11400 Burnet Road, Bld.905/9551 Notes: will@austin.ibm.com@internet
Austin, TX 78758-3493 Phone:(512) 838-7904(off)/3509(fax), T/L 678-7904
References: