
Version Issues (was RE: Vendor ID issues)

Michael raises version number issues; I have some concerns of my own. When I
read the drafts, it appears that the version numbers belong to ISAKMP. If
this is correct, how do we indicate versions of IKE (or any other protocol,
for that matter)? I don't think the vendor ID is either intended or
appropriate for this (to indicate additional capabilities of the protocol).

Could it be that the version numbers in the ISAKMP header refer to the DOI
that is using ISAKMP? This leads to a problem if you use ISAKMP DOI of 0. In
that case, what's the version number of IKE or another protocol that uses

The rules that Michael's proposing probably cannot be made until the version
number usage and meanings are clarified. (It would help the MIB definition,

Tim Jenkins                       TimeStep Corporation
tjenkins@timestep.com          http://www.timestep.com
(613) 599-3610 x4304               Fax: (613) 599-3617

> -----Original Message-----
> From: Michael C. Richardson [mailto:mcr@sandelman.ottawa.on.ca]
> Sent: Wednesday, March 10, 1999 2:52 PM
> To: ipsec@tislabs.com
> Subject: Re: Vendor ID issues 
>   It isn't clear to me what one does if one receives an ISAKMP initiator
> packet that has a version number greater than one's own.
>   I think that if you receive minor > ME, that you do not respond, but rather
> you initiate again with your major/minor, and the *same* cookies.
>   I think that if you receive major > ME that you initiate with new cookies.
>   We have to work this out. I would think that major number increments mean
> that major things have changed, i.e. interpretation of payloads, etc.

   :!mcr!:            |  Network and security consulting/contract
   Michael Richardson | IPsec, VPN, Firewalls, PKI, network design, Unix
 Corporate: http://www.sandelman.ottawa.on.ca/SSW/
	ON HUMILITY: To err is human, to moo bovine.
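
The following is an added example, not part of either message and not code from any implementation discussed on the list. It parses the fixed 28-byte ISAKMP header (RFC 2408, section 3.1), splits the version octet into its major and minor nibbles, and classifies a received packet by the handling proposed in the quoted message. The local version 1.0, the action names, and the treatment of equal or lower versions are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# ISAKMP fixed header, network byte order: initiator cookie (8), responder
# cookie (8), next payload (1), version (1: major nibble | minor nibble),
# exchange type (1), flags (1), message ID (4), total length (4).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

@dataclass(frozen=True)
class IsakmpHeader:
    init_cookie: bytes
    resp_cookie: bytes
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int

def parse_header(packet: bytes) -> IsakmpHeader:
    if len(packet) < ISAKMP_HDR.size:
        raise ValueError("short packet: ISAKMP header is 28 bytes")
    ic, rc, nxt, ver, xchg, flags, mid, length = ISAKMP_HDR.unpack_from(packet)
    # Reject a length field that cannot describe the bytes actually received.
    if length < ISAKMP_HDR.size or length > len(packet):
        raise ValueError("length field inconsistent with packet size")
    return IsakmpHeader(ic, rc, nxt, ver >> 4, ver & 0x0F, xchg, flags, mid, length)

def version_action(hdr: IsakmpHeader, my_major: int = 1, my_minor: int = 0) -> str:
    """Classify by the proposal in the quoted message (hypothetical action names)."""
    if hdr.major > my_major:
        return "initiate-new-cookies"       # proposed: start over with new cookies
    if hdr.major == my_major and hdr.minor > my_minor:
        return "reinitiate-same-cookies"    # proposed: do not respond, re-initiate
    if (hdr.major, hdr.minor) == (my_major, my_minor):
        return "process"                    # assumption: same version is handled normally
    return "not-covered"                    # lower versions: the proposal gives no rule

def sample_packet(major: int, minor: int) -> bytes:
    # Constructed header-only packet: next payload 0 (none), exchange type 2.
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 0, (major << 4) | minor, 2, 0, 0, 28)

if __name__ == "__main__":
    for ver in [(1, 0), (1, 1), (2, 0)]:
        print(ver, version_action(parse_header(sample_packet(*ver))))
```
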