Paul Koning: Re: IBM VPN Bakeoff Issues
From: Paul Koning <pkoning@xedia.com>
To: mcr@sandelman.ottawa.on.ca
Subject: Re: IBM VPN Bakeoff Issues
References: <199811052254.RAA04036@tonga.xedia.com>
<199811060226.VAA06481@istari.sandelman.ottawa.on.ca>
X-Mailer: VM 6.34 under 20.3 "Vatican City" XEmacs Lucid
X-Filtered-By: NoCeM-E v0.6 (http://www.novia.net/~doumakes)
>>>>> "Michael" == Michael C Richardson <mcr@sandelman.ottawa.on.ca> writes:
>>>>> "Paul" == Paul Koning <pkoning@xedia.com> writes:
>>>>> "Michael" == Michael C Richardson <mcr@sandelman.ottawa.on.ca> writes:
Michael> Except for buggy code, why would an implementation that
Michael> wants to do: IP|ESP|IPCOMP|IP or IP|AH|IP|ESP|IP|IPCOMP
Michael> specify anything other than the order listed in an IKE
Michael> proposal?
Paul> Perhaps because I think of this as "AH then ESP then IPCOMP"
Paul> because I look at packet formats, and someone else thinks of it
Paul> as "IPCOMP then ESP then AH" because they look at encryption
Paul> processing order?
Michael> [May I post to the list?]
Yes, by all means.
Michael> So, all we need to do really is define the canonical order,
Michael> rather than try and limit IKE to negotiating these
Michael> predefined "bundles", which may not be what we want in two
Michael> years.
That makes sense.
paul