[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: transform tunnel/transport attributes
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Daniel" == Daniel Harkins <dharkins@cisco.com> writes:
Daniel> But regardles of the utility the processing is different. If the
I agree.
Daniel> AH transport mode processing and then that packet, which is now
Daniel> an authenticated ESP packet between SG1 and SG2, is reinserted
This operation of reinsertation is not something that I think very many
people have implemented. Can we have a show of hands as to who thinks they
might be able to handle such an operation? Remember that this is not a MUST,
so don't feel badly saying no.
Daniel> right. Given that there's running code that implements case 1 I
Daniel> really don't want to open that case up to interpretation
Daniel> again. Maybe we just need to clarify the two cases.
>> I think that you just did. Now, how can this be clearly and cleanly
>> described in IKE exchanges? I think we need to add IKE details to
>> this. What would you expect/send for each case?
Daniel> Did what? Invalidate case 1 or open it up to re-interpretation?
Daniel> You just gave a good example of why someone would want to do case
Daniel> 2. I still think case 1 has merit.
I think they both have merit, seeing as they are in fact different, and
you have described a way to negotiate them as different things. Do we get
any agreement here that what Dan describes is how one would negotiate
AH&ESP?
[while you might not want to support AH&ESP, you might want to support
AH&IPComp]
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
Corporate: http://www.sandelman.ottawa.on.ca/SSW/
ON HUMILITY: To err is human, to moo bovine.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNkYixtiXVu0RiA21AQEHXQL9GFDpUtfB8ytV2MzH+8mQ0zaOj5s6hpLn
MwBKgtaIagTiJkipAx+TgoklU5r8Aba7ORAD0nQGaQuoyBOdZxnWTihI4pJ4uFbd
c9qXuddITHZ7mhwi1ICi8CuN051jwHRc
=6Un+
-----END PGP SIGNATURE-----