Re: IBM VPN Bakeoff Issues

["Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>]

-----BEGIN PGP SIGNED MESSAGE-----


  [WRT: Tim comments and Paul's response, no specific quote]

  While I think that a definitive order is good, because it makes
analysis easier (fewer combinations == less work), I am concerned 
about Tim's proposal about amalgamating headers. Before you
comment on that: read the archives. 

  I am further concerned that the needs of the host, and the
host+gateway^n+host are not clear enough to start putting restrictions
in the *spec*. If ISCA wants to certify a portion, or certain options,
that is fine (and should be encouraged), but I don't think we should
change things.
  Except for buggy code, why would an implementation that wants to do:
	IP|ESP|IPCOMP|IP
  or
	IP|AH|IP|ESP|IP|IPCOMP

  specifiy anything other than the order listed in an IKE proposal?

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.



	


  

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBNkIWk9iXVu0RiA21AQGAjgL/X8dgQUV57xhsJAq4+T/ttXcLSqxIQ1W2
Yez3G7Z3UGFRN2bcnDwTaHzeoFEaTVmFPLp2SC9KGw22EbSeMP4VIC0HfcfeS5Gn
SzNZfz9LQnhtKjcj0ExQ6SlWKxBI3oVe
=IvZN
-----END PGP SIGNATURE-----

---

References:

• RE: IBM VPN Bakeoff Issues
• From: Paul Koning <pkoning@xedia.com>

---

• Prev by Date: RE: IBM VPN Bakeoff Issues
• Next by Date: Re: IBM VPN Bakeoff Issues
• Prev by thread: RE: IBM VPN Bakeoff Issues
• Next by thread: RE: IBM VPN Bakeoff Issues
• Index(es):
  • Main
  • Thread