
Paul Koning: Re: IBM VPN Bakeoff Issues




From: Paul Koning <pkoning@xedia.com>
To: mcr@sandelman.ottawa.on.ca
Subject: Re: IBM VPN Bakeoff Issues 
References: <199811052254.RAA04036@tonga.xedia.com>
	<199811060226.VAA06481@istari.sandelman.ottawa.on.ca>
X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs  Lucid
X-Filtered-By: NoCeM-E v0.6 (http://www.novia.net/~doumakes)

>>>>> "Michael" == Michael C Richardson <mcr@sandelman.ottawa.on.ca> writes:

>>>>> "Paul" == Paul Koning <pkoning@xedia.com> writes:

>>>>> "Michael" == Michael C Richardson <mcr@sandelman.ottawa.on.ca> writes:

 Michael> Except for buggy code, why would an implementation that
 Michael> wants to do: IP|ESP|IPCOMP|IP or IP|AH|IP|ESP|IP|IPCOMP

 Michael> specify anything other than the order listed in an IKE
 Michael> proposal?

 Paul> Perhaps because I think of this as "AH then ESP then IPCOMP"
 Paul> because I look at packet formats, and someone else thinks of it
 Paul> as "IPCOMP then ESP then AH" because they look at encryption
 Paul> processing order?

 Michael> [May I post to the list?]

Yes, by all means.

 Michael> So, all we need to do really is define the canonical order,
 Michael> rather than try and limit IKE to negotiating these
 Michael> predefined "bundles", which may not be what we want in two
 Michael> years.

That makes sense.

	paul