RE: IBM VPN Bakeoff Issues

[Paul Koning <pkoning@xedia.com>]

I agree with Tim Jenkins.  The set of sensible transform combinations
(between any given pair of endpoints) is quite small.  It is dubious
at best whether it is even legal to do ESP inside IPCOMP; there is no
question at all that doing so is silly.  Certainly I have no intent of 
ever implementing it.

So what about the "be lenient on receive" rule?  It doesn't mean you
can ask for things that make no sense.  It means only that two
different encodings that could reasonably be interpreted to mean the
same thing should both be accepted as asking for that thing.

This means to me that the proposal order should not matter but no
matter what the proposal order, the transform order is always the one
required by the current specs.  The alternative would be to insist on
an order matching the transform application order and rejecting all
others, since most of us are clearly not going to implement any
others.

	paul

---

Follow-Ups:

• Re: IBM VPN Bakeoff Issues
• From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>

References:

• RE: IBM VPN Bakeoff Issues
• From: Tim Jenkins <tjenkins@TimeStep.com>

---

• Prev by Date: RE: IBM VPN Bakeoff Issues
• Next by Date: Re: IBM VPN Bakeoff Issues
• Prev by thread: RE: IBM VPN Bakeoff Issues
• Next by thread: Re: IBM VPN Bakeoff Issues
• Index(es):
  • Main
  • Thread