Re: Commit Bit Processing

> There are applications that want to consider using the commit bit
> in both directions. One of the specific ones I've seen is for key
> recovery. See <draft-kra-ipsec-isakmp-04.txt>, for example.


Be that as it may, that's not why the COMMIT bit was invented.  The COMMIT bit
was designed to ensure that the QM responder has his SA's in place before
receiving encrypted traffic under the newly negotiated IPSec SA's.

[begin soapbox]

If others want to use it for key recovery, don't expect them to interoperate
with anyone else.  It's precisely because of arguments like this that the
IKE/IPSec protocol attained its ridiculous level of complexity.  KISS.  The
COMMIT bit has an obvious meaning and that is that it should be set in the
responder.  If you reflect it back, fine; my implementation doesn't care and I
interoperate with people who do in their fielded implementations.

It's absolutely imperative that we strive for interoperability amongst our
IKE/IPSec implementations.  If we don't, we'll read about it in the press,
again, ("major problems with IKE") and our prospective customers will continue
to defer their purchasing decisions.  Adding overloaded meaning to the COMMIT
bit is not good engineering.

[end of soapbox]