[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Version Issues (was RE: Vendor ID issues )

To: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>, ipsec@tislabs.com
Subject: Version Issues (was RE: Vendor ID issues )
From: Tim Jenkins <tjenkins@TimeStep.com>
Date: Wed, 10 Mar 1999 15:44:09 -0500
Sender: owner-ipsec@ex.tis.com

Michael raises version number issues; I have some concerns of my own. When I
read the drafts, it appears that the version numbers belong to ISAKMP. If
this is correct, how do we indicate versions of IKE (or any other protocol,
for that matter)? I don't think the vendor ID is either intended or
appropriate for this (to indicate additional capabilities of the protocol).

Could it be that the version numbers in the ISAKMP header refer to the DOI
that is using ISAKMP? This leads to a problem if you use ISAKMP DOI of 0. In
that case, what's the version number of IKE or another protocol that uses
ISAKMP?

The rules that Michael's proposing probably cannot be made until the version
number usage and meanings are clarified. (It would help the MIB definition,
too.)


---
Tim Jenkins                       TimeStep Corporation
tjenkins@timestep.com          http://www.timestep.com
(613) 599-3610 x4304               Fax: (613) 599-3617



> -----Original Message-----
> From: Michael C. Richardson [mailto:mcr@sandelman.ottawa.on.ca]
> Sent: Wednesday, March 10, 1999 2:52 PM
> To: ipsec@tislabs.com
> Subject: Re: Vendor ID issues 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
>  
>   It isn't clear to me what one does if one receives an 
> ISAKMP initiator
> packet that has a version number greater than one's own.
>   I think that if you receive minor > ME, that you do not 
> respond, but rather
> you initiate again with your major/minor, and the *same* cookies.
>   I think that if you receive major > ME that you initiate 
> with new cookies.
>   We have to work this out. I would think that major number 
> increments mean
> that major things have changed, i.e. interpretation of payloads, etc.
> 

   :!mcr!:            |  Network and security consulting/contract
programming
   Michael Richardson | IPsec, VPN, Firewalls, PKI, network design, Unix
admin
 Personal:
http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.

Follow-Ups:

Re: Version Issues (was RE: Vendor ID issues )

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: Vendor ID issues
Next by Date: RSA is hiring crypto software engineers
Prev by thread: RE: Host configuration
Next by thread: Re: Version Issues (was RE: Vendor ID issues )
Index(es):
- Main
- Thread