[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vendor ID issues

To: ipsec@portal.gw.tislabs.com
Subject: Vendor ID issues
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 09 Mar 1999 18:06:53 -0500
Sender: owner-ipsec@ex.tis.com

-----BEGIN PGP SIGNED MESSAGE-----


  Bob and I have had a number of discussions about the Vendor ID payload.
  ICSA testing has revealed that quite a number of people are
uncertain about what the VID is for.

  I have produced a BCP that provides a longer example of how to
use it. I do not pretend it is complete. The BCP missed last Friday's
deadline due to lack of proper boilerplate. I have proposed to Ted to
take 15 minutes of IPsec meeting time to try and lead a discussion
about what VID is for. 

  Bob and my most recent exchange is below.

>>>>> "Robert" == Robert Moskowitz <rgm@icsa.net> writes:
    Robert> This highlights the whole problem with Vendor ID.
    Robert> Consider:

    Robert> Vendor X develops the foo extenstion to IKE and ships it
    Robert> with release 5.6 of XOS.

    Robert> Vendor Y enters into an agreement with X and supports foo
    Robert> in release 3.4 of YOS; meanwhile XOS is upgraded to 5.7 to
    Robert> recognize Vendor ID Y.

    Robert> However, Y was smart, realizing that many X customers
    Robert> would not be so fast to upgrade.

  I'm missing a sentence here. What did Y do to be smart?

    Robert> If X was the intiator, Y would go right into foo mode and
    Robert> not bother to send its ID.

  That isn't according to spec. Y should still send its VID. 

    Robert> If Y was the initiator, and X rejected Y's ID, when Y
    Robert> receives X's ID, Y would still do foo.

  If X sends a VID, then it should assume that whomever it is talking
to can send extensions *TO* it using the private use space. The fact
that X does not recognize Y's VID means that X may be unable to
respond. Possibly that calls for a specific notify message. But, some
payloads may not require responses anyway.
  The private use spaces are unique to the *receiver* of the payload.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQBVAwUBNuWpiR4XQavxnHg9AQHG3QIAn8sdHM+xmp3qLgVyWauIa+KGXVCUrlUC
a19GlIxeU+GY4qll+G7x0TVYYVjuRe7T0DBlIXyh9t/px+xf+XC+qQ==
=9ls2
-----END PGP SIGNATURE-----

Follow-Ups:

Re: Vendor ID issues

From: Dan Harkins <dharkins@network-alchemy.com>

Prev by Date: last call for tf-esp BoF speakers
Next by Date: Main versus Aggressive Mode
Prev by thread: last call for tf-esp BoF speakers
Next by thread: Re: Vendor ID issues
Index(es):
- Main
- Thread