[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: issues from the bakeoff

To: Jun-ichiro itojun Hagino <itojun@itojun.org>
Subject: Re: issues from the bakeoff
From: Avram Shacham <shacham@cisco.com>
Date: Tue, 15 Jun 1999 21:24:43 -0700
Cc: ipsec@lists.tislabs.com, ippcp@external.cisco.com
In-Reply-To: <23795.929503385@coconut.itojun.org>
References: <shacham's message of Tue, 15 Jun 1999 19:18:17 MST. <4.0.2.19990615150140.00fa0910@honeybee.cisco.com>
Sender: owner-ipsec@lists.tislabs.com

At 12:23 PM 6/16/99 +0900, Jun-ichiro itojun Hagino wrote:

>	Well-known CPI is not very friendly with PFKEY interface (RFC2367).
>	RFC2367 expects unique SPI per peer (which can embed CPI in lower
>	2 bytes), but for well-known CPI we can't.

Following the IPsec list, one must come to the realization that 
PFKEY-friendly isn't the characteristic of several protocols,
nor it is a requirement. So, IPComp isn't alone.

>	What kind of userland API do you expect to see?  I'm now using dummy
>	SPI (= CPI) to designate the SA database entry for compression,
>	and add a flag to force the use of well-known CPI on the packet.

The RFC reflects the decision of the ippcp wg in the meeting 
in Washington, DC (Dec 97)

   It was also decided not to restrict the CPI values 0-63 only for manual
   setup but also use it for ISAKMP for well known algorithms.

I don't recall any discussion in the wg or on the list regarding 
"userland API."  If the API doesn't fit the protocols, shouldn't 
the API be adjusted?

avram

Follow-Ups:

Re: issues from the bakeoff

From: itojun@iijlab.net

References:

Re: issues from the bakeoff

From: Jun-ichiro itojun Hagino <itojun@itojun.org>

Prev by Date: Re: issues from the bakeoff
Next by Date: Re: issues from the bakeoff
Prev by thread: Re: issues from the bakeoff
Next by thread: Re: issues from the bakeoff
Index(es):
- Main
- Thread