[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IBM VPN Bakeoff Issues
-----BEGIN PGP SIGNED MESSAGE-----
[WRT: Tim comments and Paul's response, no specific quote]
While I think that a definitive order is good, because it makes
analysis easier (fewer combinations == less work), I am concerned
about Tim's proposal about amalgamating headers. Before you
comment on that: read the archives.
I am further concerned that the needs of the host, and the
host+gateway^n+host are not clear enough to start putting restrictions
in the *spec*. If ISCA wants to certify a portion, or certain options,
that is fine (and should be encouraged), but I don't think we should
change things.
Except for buggy code, why would an implementation that wants to do:
IP|ESP|IPCOMP|IP
or
IP|AH|IP|ESP|IP|IPCOMP
specifiy anything other than the order listed in an IKE proposal?
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNkIWk9iXVu0RiA21AQGAjgL/X8dgQUV57xhsJAq4+T/ttXcLSqxIQ1W2
Yez3G7Z3UGFRN2bcnDwTaHzeoFEaTVmFPLp2SC9KGw22EbSeMP4VIC0HfcfeS5Gn
SzNZfz9LQnhtKjcj0ExQ6SlWKxBI3oVe
=IvZN
-----END PGP SIGNATURE-----
References: