
Re: Vendor ID issues





>>>>> "Dan" == Dan Harkins <dharkins@Network-Alchemy.COM> writes:
    Dan>   I had a similar exchange with Bob over this. I don't know why ICSA
    Dan> is testing this stuff. They're having enough trouble just figuring out 
    Dan> how to test main mode with pre-shared keys! As far as interoperability 
    Dan> is concerned, if you barf upon receipt of a vendor ID payload you don't
    Dan> recognize then you're broken.

  They aren't testing it. Rather they are experiencing the brokenness because
some product does not accept it, but at the time it was tested, nobody
sent it.

    Dan> required vendor ID payload then you can't initiate the mode to it. When
    Dan> the I-D advances it can be assigned valid exchange and payload numbers
    Dan> by IANA and the verbiage discussing the vendor ID payload to use for
    Dan> testing can be dropped. But that didn't happen. :-( Now we have several
 
  It isn't clear to me what one does if one receives an ISAKMP initiator
packet that has a version number greater than one's own.
  I think that if you receive minor > ME, that you do not respond, but rather
you initiate again with your major/minor, and the *same* cookies.
  I think that if you receive major > ME that you initiate with new cookies.
  We have to work this out. I would think that major number increments mean
that major things have changed, i.e. interpretation of payloads, etc.

    Dan>   The BCP is definitely needed before this is repeated. Can you post it 
    Dan> to the list?

  http://www.sandelman.ottawa.on.ca/SSW/ietf/ipsec-vendorid.txt

   :!mcr!:            |  Network and security consulting/contract programming
   Michael Richardson | IPsec, VPN, Firewalls, PKI, network design, Unix admin
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.



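Added example, not part of the original message or of any product discussed in it: a minimal ISAKMP (RFC 2408) payload-chain walker that records an unrecognized Vendor ID payload and carries on instead of rejecting the packet, and that classifies the peer's major/minor version against its own. The function names, `KNOWN_VENDOR_IDS` and the sample vendor ID strings are constructed for illustration; `version_relation` only reports the comparison and does not implement any response, since the message leaves that question open.

```python
import struct

VENDOR_ID = 13                              # ISAKMP Vendor ID payload type (RFC 2408)
OUR_VERSION = (1, 0)                        # (major, minor) this side speaks
KNOWN_VENDOR_IDS = {b"example-vendor-A"}    # constructed value, not a real vendor ID

def build(version, payloads):
    """Build a constructed test packet from (payload_type, body) pairs."""
    types = [t for t, _ in payloads] + [0]  # 0 = no next payload
    body = b""
    for i, (_t, data) in enumerate(payloads):
        body += struct.pack("!BBH", types[i + 1], 0, len(data) + 4) + data
    hdr = struct.pack("!8s8sBBBBII", b"I" * 8, b"\0" * 8, types[0],
                      (version[0] << 4) | version[1], 2, 0, 0, 28 + len(body))
    return hdr + body

def parse_isakmp(packet):
    """Walk the payload chain; unknown vendor IDs are skipped, never fatal."""
    if len(packet) < 28:
        raise ValueError("short ISAKMP header")
    _ic, _rc, nxt, ver, _xchg, _flags, _mid, total = struct.unpack(
        "!8s8sBBBBII", packet[:28])
    if total != len(packet):
        raise ValueError("length field does not match datagram")
    payloads, known, unknown = [], [], []
    off = 28
    while nxt != 0:
        if off + 4 > total:
            raise ValueError("truncated payload header")
        nxt_next, _reserved, plen = struct.unpack("!BBH", packet[off:off + 4])
        if plen < 4 or off + plen > total:
            raise ValueError("bad payload length")
        body = packet[off + 4:off + plen]
        payloads.append(nxt)
        if nxt == VENDOR_ID:
            # Record the ID either way; an unrecognized one is not an error.
            (known if body in KNOWN_VENDOR_IDS else unknown).append(body)
        off, nxt = off + plen, nxt_next
    return {"version": (ver >> 4, ver & 0x0F), "payloads": payloads,
            "known_vids": known, "unknown_vids": unknown}

def version_relation(version):
    """Compare a peer's (major, minor) with OUR_VERSION; classification only."""
    if version[0] > OUR_VERSION[0]:
        return "major-higher"
    if version[0] == OUR_VERSION[0] and version[1] > OUR_VERSION[1]:
        return "minor-higher"
    return "same-or-lower"
```

Malformed lengths still raise `ValueError`; only the content of a Vendor ID payload is treated as ignorable.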

