
Re: transform tunnel/transport attributes





>>>>> "Daniel" == Daniel Harkins <dharkins@cisco.com> writes:
    Daniel> But regardless of the utility the processing is different. If the

  I agree. 

    Daniel> AH transport mode processing and then that packet, which is now
    Daniel> an authenticated ESP packet between SG1 and SG2, is reinserted

  This operation of reinsertion is not something that I think very many
people have implemented. Can we have a show of hands as to who thinks they
might be able to handle such an operation? Remember that this is not a MUST,
so don't feel badly saying no.

    Daniel> right. Given that there's running code that implements case 1 I
    Daniel> really don't want to open that case up to interpretation
    Daniel> again. Maybe we just need to clarify the two cases.
    >>  I think that you just did. Now, how can this be clearly and cleanly
    >> described in IKE exchanges? I think we need to add IKE details to
    >> this. What would you expect/send for each case?

    Daniel> Did what? Invalidate case 1 or open it up to re-interpretation?
    Daniel> You just gave a good example of why someone would want to do case
    Daniel> 2. I still think case 1 has merit.

  I think they both have merit, seeing as they are in fact different, and
you have described a way to negotiate them as different things. Do we get
any agreement here that what Dan describes is how one would negotiate
AH&ESP?
  [while you might not want to support AH&ESP, you might want to support 
AH&IPComp]

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson |         Firewalls, TCP/IP and Unix administration
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.


