Re: transform tunnel/transport attributes



Sorry for any confusion surrounding my various posts on Friday. There is
quite a lag between when messages are posted to the ipsec list and when
I receive them (sometimes), and I was receiving messages from many hours
prior right after each post which, had I received them sooner, would
have modified my thinking. 

I guess my take on this after reading the various follow-ups is this:
for the reasons Dan cited (same IDcx for all proposals), we need the IKE
convention which Dan and others have already implemented, i.e. calling
both transforms 'tunnel-mode' even though we know this is semantically
incorrect. Rough consensus and running code, I believe the doc says...

I also agree that language clearing up any misunderstandings might be
useful, and that such language has already been proposed.

I think there are a couple of important things to note: this does not
represent an architectural change, and does not violate the architecture
doc in any way I can see. This amounts to adoption of an IKE convention
which simplifies our lives a bit.

Scott